├── .dockerignore ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── conf ├── apache │ └── httpd.conf ├── nginx │ └── nginx.conf └── squid │ ├── squid.conf │ └── src.ssl.gadgets.cc.patch └── src ├── libressl-2.4.1 ├── CMakeLists.txt ├── COPYING ├── ChangeLog ├── INSTALL ├── Makefile.am ├── Makefile.am.common ├── Makefile.in ├── README.md ├── README.windows ├── VERSION ├── aclocal.m4 ├── apps │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── Makefile.in │ ├── nc │ │ ├── CMakeLists.txt │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── atomicio.c │ │ ├── atomicio.h │ │ ├── compat │ │ │ ├── accept4.c │ │ │ ├── base64.c │ │ │ ├── readpassphrase.c │ │ │ ├── socket.c │ │ │ ├── strtonum.c │ │ │ └── sys │ │ │ │ └── socket.h │ │ ├── nc.1 │ │ ├── netcat.c │ │ └── socks.c │ └── openssl │ │ ├── CMakeLists.txt │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── apps.c │ │ ├── apps.h │ │ ├── apps_posix.c │ │ ├── apps_win.c │ │ ├── asn1pars.c │ │ ├── ca.c │ │ ├── cert.pem │ │ ├── certhash.c │ │ ├── certhash_win.c │ │ ├── ciphers.c │ │ ├── cms.c │ │ ├── compat │ │ ├── poll_win.c │ │ └── strtonum.c │ │ ├── crl.c │ │ ├── crl2p7.c │ │ ├── dgst.c │ │ ├── dh.c │ │ ├── dhparam.c │ │ ├── dsa.c │ │ ├── dsaparam.c │ │ ├── ec.c │ │ ├── ecparam.c │ │ ├── enc.c │ │ ├── errstr.c │ │ ├── gendh.c │ │ ├── gendsa.c │ │ ├── genpkey.c │ │ ├── genrsa.c │ │ ├── nseq.c │ │ ├── ocsp.c │ │ ├── openssl.1 │ │ ├── openssl.c │ │ ├── openssl.cnf │ │ ├── passwd.c │ │ ├── pkcs12.c │ │ ├── pkcs7.c │ │ ├── pkcs8.c │ │ ├── pkey.c │ │ ├── pkeyparam.c │ │ ├── pkeyutl.c │ │ ├── prime.c │ │ ├── progs.h │ │ ├── rand.c │ │ ├── req.c │ │ ├── rsa.c │ │ ├── rsautl.c │ │ ├── s_apps.h │ │ ├── s_cb.c │ │ ├── s_client.c │ │ ├── s_server.c │ │ ├── s_socket.c │ │ ├── s_time.c │ │ ├── sess_id.c │ │ ├── smime.c │ │ ├── speed.c │ │ ├── spkac.c │ │ ├── testdsa.h │ │ ├── testrsa.h │ │ ├── timeouts.h │ │ ├── ts.c │ │ ├── verify.c │ │ ├── version.c │ │ ├── x509.c │ │ └── x509v3.cnf ├── cmake_uninstall.cmake.in ├── compile ├── config ├── 
config.guess ├── config.sub ├── configure ├── configure.ac ├── crypto │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── Makefile.am.arc4random │ ├── Makefile.am.elf-x86_64 │ ├── Makefile.am.macosx-x86_64 │ ├── Makefile.in │ ├── VERSION │ ├── aes │ │ ├── aes-elf-x86_64.s │ │ ├── aes-macosx-x86_64.s │ │ ├── aes_cbc.c │ │ ├── aes_cfb.c │ │ ├── aes_core.c │ │ ├── aes_ctr.c │ │ ├── aes_ecb.c │ │ ├── aes_ige.c │ │ ├── aes_locl.h │ │ ├── aes_misc.c │ │ ├── aes_ofb.c │ │ ├── aes_wrap.c │ │ ├── aesni-elf-x86_64.s │ │ ├── aesni-macosx-x86_64.s │ │ ├── aesni-sha1-elf-x86_64.s │ │ ├── aesni-sha1-macosx-x86_64.s │ │ ├── bsaes-elf-x86_64.s │ │ ├── bsaes-macosx-x86_64.s │ │ ├── vpaes-elf-x86_64.s │ │ └── vpaes-macosx-x86_64.s │ ├── asn1 │ │ ├── a_bitstr.c │ │ ├── a_bool.c │ │ ├── a_bytes.c │ │ ├── a_d2i_fp.c │ │ ├── a_digest.c │ │ ├── a_dup.c │ │ ├── a_enum.c │ │ ├── a_i2d_fp.c │ │ ├── a_int.c │ │ ├── a_mbstr.c │ │ ├── a_object.c │ │ ├── a_octet.c │ │ ├── a_print.c │ │ ├── a_set.c │ │ ├── a_sign.c │ │ ├── a_strex.c │ │ ├── a_strnid.c │ │ ├── a_time.c │ │ ├── a_time_tm.c │ │ ├── a_type.c │ │ ├── a_utf8.c │ │ ├── a_verify.c │ │ ├── ameth_lib.c │ │ ├── asn1_err.c │ │ ├── asn1_gen.c │ │ ├── asn1_lib.c │ │ ├── asn1_locl.h │ │ ├── asn1_par.c │ │ ├── asn_mime.c │ │ ├── asn_moid.c │ │ ├── asn_pack.c │ │ ├── bio_asn1.c │ │ ├── bio_ndef.c │ │ ├── charmap.h │ │ ├── d2i_pr.c │ │ ├── d2i_pu.c │ │ ├── evp_asn1.c │ │ ├── f_enum.c │ │ ├── f_int.c │ │ ├── f_string.c │ │ ├── i2d_pr.c │ │ ├── i2d_pu.c │ │ ├── n_pkey.c │ │ ├── nsseq.c │ │ ├── p5_pbe.c │ │ ├── p5_pbev2.c │ │ ├── p8_pkey.c │ │ ├── t_bitst.c │ │ ├── t_crl.c │ │ ├── t_pkey.c │ │ ├── t_req.c │ │ ├── t_spki.c │ │ ├── t_x509.c │ │ ├── t_x509a.c │ │ ├── tasn_dec.c │ │ ├── tasn_enc.c │ │ ├── tasn_fre.c │ │ ├── tasn_new.c │ │ ├── tasn_prn.c │ │ ├── tasn_typ.c │ │ ├── tasn_utl.c │ │ ├── x_algor.c │ │ ├── x_attrib.c │ │ ├── x_bignum.c │ │ ├── x_crl.c │ │ ├── x_exten.c │ │ ├── x_info.c │ │ ├── x_long.c │ │ ├── x_name.c │ │ ├── x_nx509.c │ │ ├── 
x_pkey.c │ │ ├── x_pubkey.c │ │ ├── x_req.c │ │ ├── x_sig.c │ │ ├── x_spki.c │ │ ├── x_val.c │ │ ├── x_x509.c │ │ └── x_x509a.c │ ├── bf │ │ ├── bf_cfb64.c │ │ ├── bf_ecb.c │ │ ├── bf_enc.c │ │ ├── bf_locl.h │ │ ├── bf_ofb64.c │ │ ├── bf_pi.h │ │ └── bf_skey.c │ ├── bio │ │ ├── b_dump.c │ │ ├── b_posix.c │ │ ├── b_print.c │ │ ├── b_sock.c │ │ ├── b_win.c │ │ ├── bf_buff.c │ │ ├── bf_nbio.c │ │ ├── bf_null.c │ │ ├── bio_cb.c │ │ ├── bio_err.c │ │ ├── bio_lib.c │ │ ├── bss_acpt.c │ │ ├── bss_bio.c │ │ ├── bss_conn.c │ │ ├── bss_dgram.c │ │ ├── bss_fd.c │ │ ├── bss_file.c │ │ ├── bss_log.c │ │ ├── bss_mem.c │ │ ├── bss_null.c │ │ └── bss_sock.c │ ├── bn │ │ ├── bn_add.c │ │ ├── bn_asm.c │ │ ├── bn_blind.c │ │ ├── bn_const.c │ │ ├── bn_ctx.c │ │ ├── bn_depr.c │ │ ├── bn_div.c │ │ ├── bn_err.c │ │ ├── bn_exp.c │ │ ├── bn_exp2.c │ │ ├── bn_gcd.c │ │ ├── bn_gf2m.c │ │ ├── bn_kron.c │ │ ├── bn_lcl.h │ │ ├── bn_lib.c │ │ ├── bn_mod.c │ │ ├── bn_mont.c │ │ ├── bn_mpi.c │ │ ├── bn_mul.c │ │ ├── bn_nist.c │ │ ├── bn_prime.c │ │ ├── bn_prime.h │ │ ├── bn_print.c │ │ ├── bn_rand.c │ │ ├── bn_recp.c │ │ ├── bn_shift.c │ │ ├── bn_sqr.c │ │ ├── bn_sqrt.c │ │ ├── bn_word.c │ │ ├── bn_x931p.c │ │ ├── gf2m-elf-x86_64.s │ │ ├── gf2m-macosx-x86_64.s │ │ ├── modexp512-elf-x86_64.s │ │ ├── modexp512-macosx-x86_64.s │ │ ├── mont-elf-x86_64.s │ │ ├── mont-macosx-x86_64.s │ │ ├── mont5-elf-x86_64.s │ │ └── mont5-macosx-x86_64.s │ ├── buffer │ │ ├── buf_err.c │ │ ├── buf_str.c │ │ └── buffer.c │ ├── camellia │ │ ├── camellia.c │ │ ├── camellia.h │ │ ├── cmll-elf-x86_64.s │ │ ├── cmll-macosx-x86_64.s │ │ ├── cmll_cbc.c │ │ ├── cmll_cfb.c │ │ ├── cmll_ctr.c │ │ ├── cmll_ecb.c │ │ ├── cmll_locl.h │ │ ├── cmll_misc.c │ │ └── cmll_ofb.c │ ├── cast │ │ ├── c_cfb64.c │ │ ├── c_ecb.c │ │ ├── c_enc.c │ │ ├── c_ofb64.c │ │ ├── c_skey.c │ │ ├── cast_lcl.h │ │ └── cast_s.h │ ├── chacha │ │ ├── chacha-merged.c │ │ └── chacha.c │ ├── cmac │ │ ├── cm_ameth.c │ │ ├── cm_pmeth.c │ │ └── cmac.c │ ├── comp │ │ 
├── c_rle.c │ │ ├── c_zlib.c │ │ ├── comp_err.c │ │ └── comp_lib.c │ ├── compat │ │ ├── arc4random.c │ │ ├── arc4random.h │ │ ├── arc4random_aix.h │ │ ├── arc4random_freebsd.h │ │ ├── arc4random_hpux.h │ │ ├── arc4random_linux.h │ │ ├── arc4random_netbsd.h │ │ ├── arc4random_osx.h │ │ ├── arc4random_solaris.h │ │ ├── arc4random_uniform.c │ │ ├── arc4random_win.h │ │ ├── bsd-asprintf.c │ │ ├── chacha_private.h │ │ ├── explicit_bzero.c │ │ ├── explicit_bzero_win.c │ │ ├── getentropy_aix.c │ │ ├── getentropy_freebsd.c │ │ ├── getentropy_hpux.c │ │ ├── getentropy_linux.c │ │ ├── getentropy_netbsd.c │ │ ├── getentropy_osx.c │ │ ├── getentropy_solaris.c │ │ ├── getentropy_win.c │ │ ├── inet_pton.c │ │ ├── posix_win.c │ │ ├── reallocarray.c │ │ ├── strcasecmp.c │ │ ├── strlcat.c │ │ ├── strlcpy.c │ │ ├── strndup.c │ │ ├── strnlen.c │ │ ├── timegm.c │ │ ├── timingsafe_bcmp.c │ │ └── timingsafe_memcmp.c │ ├── conf │ │ ├── conf_api.c │ │ ├── conf_def.c │ │ ├── conf_def.h │ │ ├── conf_err.c │ │ ├── conf_lib.c │ │ ├── conf_mall.c │ │ ├── conf_mod.c │ │ └── conf_sap.c │ ├── constant_time_locl.h │ ├── cpt_err.c │ ├── cpuid-elf-x86_64.S │ ├── cpuid-macosx-x86_64.S │ ├── cryptlib.c │ ├── cryptlib.h │ ├── cversion.c │ ├── des │ │ ├── cbc_cksm.c │ │ ├── cbc_enc.c │ │ ├── cfb64ede.c │ │ ├── cfb64enc.c │ │ ├── cfb_enc.c │ │ ├── des_enc.c │ │ ├── des_locl.h │ │ ├── ecb3_enc.c │ │ ├── ecb_enc.c │ │ ├── ede_cbcm_enc.c │ │ ├── enc_read.c │ │ ├── enc_writ.c │ │ ├── fcrypt.c │ │ ├── fcrypt_b.c │ │ ├── ncbc_enc.c │ │ ├── ofb64ede.c │ │ ├── ofb64enc.c │ │ ├── ofb_enc.c │ │ ├── pcbc_enc.c │ │ ├── qud_cksm.c │ │ ├── rand_key.c │ │ ├── set_key.c │ │ ├── spr.h │ │ ├── str2key.c │ │ └── xcbc_enc.c │ ├── dh │ │ ├── dh_ameth.c │ │ ├── dh_asn1.c │ │ ├── dh_check.c │ │ ├── dh_depr.c │ │ ├── dh_err.c │ │ ├── dh_gen.c │ │ ├── dh_key.c │ │ ├── dh_lib.c │ │ ├── dh_pmeth.c │ │ └── dh_prn.c │ ├── dsa │ │ ├── dsa_ameth.c │ │ ├── dsa_asn1.c │ │ ├── dsa_depr.c │ │ ├── dsa_err.c │ │ ├── dsa_gen.c │ │ ├── 
dsa_key.c │ │ ├── dsa_lib.c │ │ ├── dsa_locl.h │ │ ├── dsa_ossl.c │ │ ├── dsa_pmeth.c │ │ ├── dsa_prn.c │ │ ├── dsa_sign.c │ │ └── dsa_vrf.c │ ├── dso │ │ ├── dso_dlfcn.c │ │ ├── dso_err.c │ │ ├── dso_lib.c │ │ ├── dso_null.c │ │ └── dso_openssl.c │ ├── ec │ │ ├── ec2_mult.c │ │ ├── ec2_oct.c │ │ ├── ec2_smpl.c │ │ ├── ec_ameth.c │ │ ├── ec_asn1.c │ │ ├── ec_check.c │ │ ├── ec_curve.c │ │ ├── ec_cvt.c │ │ ├── ec_err.c │ │ ├── ec_key.c │ │ ├── ec_lcl.h │ │ ├── ec_lib.c │ │ ├── ec_mult.c │ │ ├── ec_oct.c │ │ ├── ec_pmeth.c │ │ ├── ec_print.c │ │ ├── eck_prn.c │ │ ├── ecp_mont.c │ │ ├── ecp_nist.c │ │ ├── ecp_oct.c │ │ └── ecp_smpl.c │ ├── ecdh │ │ ├── ech_err.c │ │ ├── ech_key.c │ │ ├── ech_lib.c │ │ └── ech_locl.h │ ├── ecdsa │ │ ├── ecs_asn1.c │ │ ├── ecs_err.c │ │ ├── ecs_lib.c │ │ ├── ecs_locl.h │ │ ├── ecs_ossl.c │ │ ├── ecs_sign.c │ │ └── ecs_vrf.c │ ├── engine │ │ ├── eng_all.c │ │ ├── eng_cnf.c │ │ ├── eng_ctrl.c │ │ ├── eng_dyn.c │ │ ├── eng_err.c │ │ ├── eng_fat.c │ │ ├── eng_init.c │ │ ├── eng_int.h │ │ ├── eng_lib.c │ │ ├── eng_list.c │ │ ├── eng_openssl.c │ │ ├── eng_pkey.c │ │ ├── eng_table.c │ │ ├── tb_asnmth.c │ │ ├── tb_cipher.c │ │ ├── tb_dh.c │ │ ├── tb_digest.c │ │ ├── tb_dsa.c │ │ ├── tb_ecdh.c │ │ ├── tb_ecdsa.c │ │ ├── tb_pkmeth.c │ │ ├── tb_rand.c │ │ ├── tb_rsa.c │ │ └── tb_store.c │ ├── err │ │ ├── err.c │ │ ├── err_all.c │ │ └── err_prn.c │ ├── evp │ │ ├── bio_b64.c │ │ ├── bio_enc.c │ │ ├── bio_md.c │ │ ├── c_all.c │ │ ├── digest.c │ │ ├── e_aes.c │ │ ├── e_aes_cbc_hmac_sha1.c │ │ ├── e_bf.c │ │ ├── e_camellia.c │ │ ├── e_cast.c │ │ ├── e_chacha.c │ │ ├── e_chacha20poly1305.c │ │ ├── e_des.c │ │ ├── e_des3.c │ │ ├── e_gost2814789.c │ │ ├── e_idea.c │ │ ├── e_null.c │ │ ├── e_old.c │ │ ├── e_rc2.c │ │ ├── e_rc4.c │ │ ├── e_rc4_hmac_md5.c │ │ ├── e_xcbc_d.c │ │ ├── encode.c │ │ ├── evp_aead.c │ │ ├── evp_enc.c │ │ ├── evp_err.c │ │ ├── evp_key.c │ │ ├── evp_lib.c │ │ ├── evp_locl.h │ │ ├── evp_pbe.c │ │ ├── evp_pkey.c │ │ ├── m_dss.c │ │ ├── 
m_dss1.c │ │ ├── m_ecdsa.c │ │ ├── m_gost2814789.c │ │ ├── m_gostr341194.c │ │ ├── m_md4.c │ │ ├── m_md5.c │ │ ├── m_null.c │ │ ├── m_ripemd.c │ │ ├── m_sha1.c │ │ ├── m_sigver.c │ │ ├── m_streebog.c │ │ ├── m_wp.c │ │ ├── names.c │ │ ├── p5_crpt.c │ │ ├── p5_crpt2.c │ │ ├── p_dec.c │ │ ├── p_enc.c │ │ ├── p_lib.c │ │ ├── p_open.c │ │ ├── p_seal.c │ │ ├── p_sign.c │ │ ├── p_verify.c │ │ ├── pmeth_fn.c │ │ ├── pmeth_gn.c │ │ └── pmeth_lib.c │ ├── ex_data.c │ ├── gost │ │ ├── gost.h │ │ ├── gost2814789.c │ │ ├── gost89_keywrap.c │ │ ├── gost89_params.c │ │ ├── gost89imit_ameth.c │ │ ├── gost89imit_pmeth.c │ │ ├── gost_asn1.c │ │ ├── gost_asn1.h │ │ ├── gost_err.c │ │ ├── gost_locl.h │ │ ├── gostr341001.c │ │ ├── gostr341001_ameth.c │ │ ├── gostr341001_key.c │ │ ├── gostr341001_params.c │ │ ├── gostr341001_pmeth.c │ │ ├── gostr341194.c │ │ └── streebog.c │ ├── hmac │ │ ├── hm_ameth.c │ │ ├── hm_pmeth.c │ │ └── hmac.c │ ├── idea │ │ ├── i_cbc.c │ │ ├── i_cfb64.c │ │ ├── i_ecb.c │ │ ├── i_ofb64.c │ │ ├── i_skey.c │ │ └── idea_lcl.h │ ├── krb5 │ │ └── krb5_asn.c │ ├── lhash │ │ ├── lh_stats.c │ │ └── lhash.c │ ├── malloc-wrapper.c │ ├── md32_common.h │ ├── md4 │ │ ├── md4_dgst.c │ │ ├── md4_locl.h │ │ └── md4_one.c │ ├── md5 │ │ ├── md5-elf-x86_64.s │ │ ├── md5-macosx-x86_64.s │ │ ├── md5_dgst.c │ │ ├── md5_locl.h │ │ └── md5_one.c │ ├── mem_clr.c │ ├── mem_dbg.c │ ├── modes │ │ ├── cbc128.c │ │ ├── ccm128.c │ │ ├── cfb128.c │ │ ├── ctr128.c │ │ ├── cts128.c │ │ ├── gcm128.c │ │ ├── ghash-elf-x86_64.s │ │ ├── ghash-macosx-x86_64.s │ │ ├── modes_lcl.h │ │ ├── ofb128.c │ │ └── xts128.c │ ├── o_init.c │ ├── o_str.c │ ├── o_time.c │ ├── o_time.h │ ├── objects │ │ ├── o_names.c │ │ ├── obj_dat.c │ │ ├── obj_dat.h │ │ ├── obj_err.c │ │ ├── obj_lib.c │ │ ├── obj_xref.c │ │ └── obj_xref.h │ ├── ocsp │ │ ├── ocsp_asn.c │ │ ├── ocsp_cl.c │ │ ├── ocsp_err.c │ │ ├── ocsp_ext.c │ │ ├── ocsp_ht.c │ │ ├── ocsp_lib.c │ │ ├── ocsp_prn.c │ │ ├── ocsp_srv.c │ │ └── ocsp_vfy.c │ ├── pem │ │ 
├── pem_all.c │ │ ├── pem_err.c │ │ ├── pem_info.c │ │ ├── pem_lib.c │ │ ├── pem_oth.c │ │ ├── pem_pk8.c │ │ ├── pem_pkey.c │ │ ├── pem_seal.c │ │ ├── pem_sign.c │ │ ├── pem_x509.c │ │ ├── pem_xaux.c │ │ └── pvkfmt.c │ ├── pkcs12 │ │ ├── p12_add.c │ │ ├── p12_asn.c │ │ ├── p12_attr.c │ │ ├── p12_crpt.c │ │ ├── p12_crt.c │ │ ├── p12_decr.c │ │ ├── p12_init.c │ │ ├── p12_key.c │ │ ├── p12_kiss.c │ │ ├── p12_mutl.c │ │ ├── p12_npas.c │ │ ├── p12_p8d.c │ │ ├── p12_p8e.c │ │ ├── p12_utl.c │ │ └── pk12err.c │ ├── pkcs7 │ │ ├── bio_pk7.c │ │ ├── pk7_asn1.c │ │ ├── pk7_attr.c │ │ ├── pk7_doit.c │ │ ├── pk7_lib.c │ │ ├── pk7_mime.c │ │ ├── pk7_smime.c │ │ └── pkcs7err.c │ ├── poly1305 │ │ ├── poly1305-donna.c │ │ └── poly1305.c │ ├── rand │ │ ├── rand_err.c │ │ ├── rand_lib.c │ │ └── randfile.c │ ├── rc2 │ │ ├── rc2_cbc.c │ │ ├── rc2_ecb.c │ │ ├── rc2_locl.h │ │ ├── rc2_skey.c │ │ ├── rc2cfb64.c │ │ └── rc2ofb64.c │ ├── rc4 │ │ ├── rc4-elf-x86_64.s │ │ ├── rc4-macosx-x86_64.s │ │ ├── rc4-md5-elf-x86_64.s │ │ ├── rc4-md5-macosx-x86_64.s │ │ ├── rc4_enc.c │ │ ├── rc4_locl.h │ │ └── rc4_skey.c │ ├── ripemd │ │ ├── rmd_dgst.c │ │ ├── rmd_locl.h │ │ ├── rmd_one.c │ │ └── rmdconst.h │ ├── rsa │ │ ├── rsa_ameth.c │ │ ├── rsa_asn1.c │ │ ├── rsa_chk.c │ │ ├── rsa_crpt.c │ │ ├── rsa_depr.c │ │ ├── rsa_eay.c │ │ ├── rsa_err.c │ │ ├── rsa_gen.c │ │ ├── rsa_lib.c │ │ ├── rsa_locl.h │ │ ├── rsa_none.c │ │ ├── rsa_oaep.c │ │ ├── rsa_pk1.c │ │ ├── rsa_pmeth.c │ │ ├── rsa_prn.c │ │ ├── rsa_pss.c │ │ ├── rsa_saos.c │ │ ├── rsa_sign.c │ │ ├── rsa_ssl.c │ │ └── rsa_x931.c │ ├── sha │ │ ├── sha1-elf-x86_64.s │ │ ├── sha1-macosx-x86_64.s │ │ ├── sha1_one.c │ │ ├── sha1dgst.c │ │ ├── sha256-elf-x86_64.S │ │ ├── sha256-macosx-x86_64.S │ │ ├── sha256.c │ │ ├── sha512-elf-x86_64.S │ │ ├── sha512-macosx-x86_64.S │ │ ├── sha512.c │ │ └── sha_locl.h │ ├── stack │ │ └── stack.c │ ├── ts │ │ ├── ts_asn1.c │ │ ├── ts_conf.c │ │ ├── ts_err.c │ │ ├── ts_lib.c │ │ ├── ts_req_print.c │ │ ├── ts_req_utils.c │ 
│ ├── ts_rsp_print.c │ │ ├── ts_rsp_sign.c │ │ ├── ts_rsp_utils.c │ │ ├── ts_rsp_verify.c │ │ └── ts_verify_ctx.c │ ├── txt_db │ │ └── txt_db.c │ ├── ui │ │ ├── ui_err.c │ │ ├── ui_lib.c │ │ ├── ui_locl.h │ │ ├── ui_openssl.c │ │ ├── ui_openssl_win.c │ │ └── ui_util.c │ ├── whrlpool │ │ ├── wp-elf-x86_64.s │ │ ├── wp-macosx-x86_64.s │ │ ├── wp_block.c │ │ ├── wp_dgst.c │ │ └── wp_locl.h │ ├── x509 │ │ ├── by_dir.c │ │ ├── by_file.c │ │ ├── by_mem.c │ │ ├── x509_att.c │ │ ├── x509_cmp.c │ │ ├── x509_d2.c │ │ ├── x509_def.c │ │ ├── x509_err.c │ │ ├── x509_ext.c │ │ ├── x509_lcl.h │ │ ├── x509_lu.c │ │ ├── x509_obj.c │ │ ├── x509_r2x.c │ │ ├── x509_req.c │ │ ├── x509_set.c │ │ ├── x509_trs.c │ │ ├── x509_txt.c │ │ ├── x509_v3.c │ │ ├── x509_vfy.c │ │ ├── x509_vpm.c │ │ ├── x509cset.c │ │ ├── x509name.c │ │ ├── x509rset.c │ │ ├── x509spki.c │ │ ├── x509type.c │ │ └── x_all.c │ └── x509v3 │ │ ├── ext_dat.h │ │ ├── pcy_cache.c │ │ ├── pcy_data.c │ │ ├── pcy_int.h │ │ ├── pcy_lib.c │ │ ├── pcy_map.c │ │ ├── pcy_node.c │ │ ├── pcy_tree.c │ │ ├── v3_akey.c │ │ ├── v3_akeya.c │ │ ├── v3_alt.c │ │ ├── v3_bcons.c │ │ ├── v3_bitst.c │ │ ├── v3_conf.c │ │ ├── v3_cpols.c │ │ ├── v3_crld.c │ │ ├── v3_enum.c │ │ ├── v3_extku.c │ │ ├── v3_genn.c │ │ ├── v3_ia5.c │ │ ├── v3_info.c │ │ ├── v3_int.c │ │ ├── v3_lib.c │ │ ├── v3_ncons.c │ │ ├── v3_ocsp.c │ │ ├── v3_pci.c │ │ ├── v3_pcia.c │ │ ├── v3_pcons.c │ │ ├── v3_pku.c │ │ ├── v3_pmaps.c │ │ ├── v3_prn.c │ │ ├── v3_purp.c │ │ ├── v3_skey.c │ │ ├── v3_sxnet.c │ │ ├── v3_utl.c │ │ └── v3err.c ├── depcomp ├── include │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── Makefile.in │ ├── compat │ │ ├── arpa │ │ │ ├── inet.h │ │ │ └── nameser.h │ │ ├── dirent.h │ │ ├── dirent_msvc.h │ │ ├── err.h │ │ ├── limits.h │ │ ├── machine │ │ │ └── endian.h │ │ ├── netdb.h │ │ ├── netinet │ │ │ ├── in.h │ │ │ ├── ip.h │ │ │ └── tcp.h │ │ ├── poll.h │ │ ├── readpassphrase.h │ │ ├── resolv.h │ │ ├── stdio.h │ │ ├── stdlib.h │ │ ├── string.h │ │ ├── sys │ │ 
│ ├── cdefs.h │ │ │ ├── ioctl.h │ │ │ ├── mman.h │ │ │ ├── param.h │ │ │ ├── select.h │ │ │ ├── socket.h │ │ │ ├── stat.h │ │ │ ├── time.h │ │ │ ├── types.h │ │ │ └── uio.h │ │ ├── time.h │ │ ├── unistd.h │ │ └── win32netcompat.h │ ├── openssl │ │ ├── Makefile.am │ │ ├── Makefile.in │ │ ├── aes.h │ │ ├── asn1.h │ │ ├── asn1_mac.h │ │ ├── asn1t.h │ │ ├── bio.h │ │ ├── blowfish.h │ │ ├── bn.h │ │ ├── buffer.h │ │ ├── camellia.h │ │ ├── cast.h │ │ ├── chacha.h │ │ ├── cmac.h │ │ ├── cms.h │ │ ├── comp.h │ │ ├── conf.h │ │ ├── conf_api.h │ │ ├── crypto.h │ │ ├── des.h │ │ ├── dh.h │ │ ├── dsa.h │ │ ├── dso.h │ │ ├── dtls1.h │ │ ├── ec.h │ │ ├── ecdh.h │ │ ├── ecdsa.h │ │ ├── engine.h │ │ ├── err.h │ │ ├── evp.h │ │ ├── gost.h │ │ ├── hmac.h │ │ ├── idea.h │ │ ├── krb5_asn.h │ │ ├── lhash.h │ │ ├── md4.h │ │ ├── md5.h │ │ ├── modes.h │ │ ├── obj_mac.h │ │ ├── objects.h │ │ ├── ocsp.h │ │ ├── opensslconf.h │ │ ├── opensslfeatures.h │ │ ├── opensslv.h │ │ ├── ossl_typ.h │ │ ├── pem.h │ │ ├── pem2.h │ │ ├── pkcs12.h │ │ ├── pkcs7.h │ │ ├── poly1305.h │ │ ├── rand.h │ │ ├── rc2.h │ │ ├── rc4.h │ │ ├── ripemd.h │ │ ├── rsa.h │ │ ├── safestack.h │ │ ├── sha.h │ │ ├── srtp.h │ │ ├── ssl.h │ │ ├── ssl2.h │ │ ├── ssl23.h │ │ ├── ssl3.h │ │ ├── stack.h │ │ ├── tls1.h │ │ ├── ts.h │ │ ├── txt_db.h │ │ ├── ui.h │ │ ├── ui_compat.h │ │ ├── whrlpool.h │ │ ├── x509.h │ │ ├── x509_vfy.h │ │ └── x509v3.h │ ├── pqueue.h │ └── tls.h ├── install-sh ├── libcrypto.pc.in ├── libssl.pc.in ├── libtls.pc.in ├── ltmain.sh ├── m4 │ ├── check-hardening-options.m4 │ ├── check-libc.m4 │ ├── check-os-options.m4 │ ├── disable-compiler-warnings.m4 │ ├── libtool.m4 │ ├── ltoptions.m4 │ ├── ltsugar.m4 │ ├── ltversion.m4 │ └── lt~obsolete.m4 ├── man │ ├── ASN1_OBJECT_new.3 │ ├── ASN1_STRING_length.3 │ ├── ASN1_STRING_new.3 │ ├── ASN1_STRING_print_ex.3 │ ├── ASN1_generate_nconf.3 │ ├── BF_set_key.3 │ ├── BIO.3 │ ├── BIO_ctrl.3 │ ├── BIO_f_base64.3 │ ├── BIO_f_buffer.3 │ ├── BIO_f_cipher.3 │ ├── BIO_f_md.3 │ 
├── BIO_f_null.3 │ ├── BIO_f_ssl.3 │ ├── BIO_find_type.3 │ ├── BIO_new.3 │ ├── BIO_new_CMS.3 │ ├── BIO_push.3 │ ├── BIO_read.3 │ ├── BIO_s_accept.3 │ ├── BIO_s_bio.3 │ ├── BIO_s_connect.3 │ ├── BIO_s_fd.3 │ ├── BIO_s_file.3 │ ├── BIO_s_mem.3 │ ├── BIO_s_null.3 │ ├── BIO_s_socket.3 │ ├── BIO_set_callback.3 │ ├── BIO_should_retry.3 │ ├── BN_BLINDING_new.3 │ ├── BN_CTX_new.3 │ ├── BN_CTX_start.3 │ ├── BN_add.3 │ ├── BN_add_word.3 │ ├── BN_bn2bin.3 │ ├── BN_cmp.3 │ ├── BN_copy.3 │ ├── BN_generate_prime.3 │ ├── BN_mod_inverse.3 │ ├── BN_mod_mul_montgomery.3 │ ├── BN_mod_mul_reciprocal.3 │ ├── BN_new.3 │ ├── BN_num_bytes.3 │ ├── BN_rand.3 │ ├── BN_set_bit.3 │ ├── BN_swap.3 │ ├── BN_zero.3 │ ├── BUF_MEM_new.3 │ ├── CMS_add0_cert.3 │ ├── CMS_add1_recipient_cert.3 │ ├── CMS_add1_signer.3 │ ├── CMS_compress.3 │ ├── CMS_decrypt.3 │ ├── CMS_encrypt.3 │ ├── CMS_final.3 │ ├── CMS_get0_RecipientInfos.3 │ ├── CMS_get0_SignerInfos.3 │ ├── CMS_get0_type.3 │ ├── CMS_get1_ReceiptRequest.3 │ ├── CMS_sign.3 │ ├── CMS_sign_receipt.3 │ ├── CMS_uncompress.3 │ ├── CMS_verify.3 │ ├── CMS_verify_receipt.3 │ ├── CMakeLists.txt │ ├── CONF_modules_free.3 │ ├── CONF_modules_load_file.3 │ ├── CRYPTO_set_ex_data.3 │ ├── CRYPTO_set_locking_callback.3 │ ├── DES_set_key.3 │ ├── DH_generate_key.3 │ ├── DH_generate_parameters.3 │ ├── DH_get_ex_new_index.3 │ ├── DH_new.3 │ ├── DH_set_method.3 │ ├── DH_size.3 │ ├── DSA_SIG_new.3 │ ├── DSA_do_sign.3 │ ├── DSA_dup_DH.3 │ ├── DSA_generate_key.3 │ ├── DSA_generate_parameters.3 │ ├── DSA_get_ex_new_index.3 │ ├── DSA_new.3 │ ├── DSA_set_method.3 │ ├── DSA_sign.3 │ ├── DSA_size.3 │ ├── ECDSA_SIG_new.3 │ ├── EC_GFp_simple_method.3 │ ├── EC_GROUP_copy.3 │ ├── EC_GROUP_new.3 │ ├── EC_KEY_new.3 │ ├── EC_POINT_add.3 │ ├── EC_POINT_new.3 │ ├── ERR.3 │ ├── ERR_GET_LIB.3 │ ├── ERR_clear_error.3 │ ├── ERR_error_string.3 │ ├── ERR_get_error.3 │ ├── ERR_load_crypto_strings.3 │ ├── ERR_load_strings.3 │ ├── ERR_print_errors.3 │ ├── ERR_put_error.3 │ ├── ERR_remove_state.3 │ 
├── ERR_set_mark.3 │ ├── EVP_AEAD_CTX_init.3 │ ├── EVP_BytesToKey.3 │ ├── EVP_DigestInit.3 │ ├── EVP_DigestSignInit.3 │ ├── EVP_DigestVerifyInit.3 │ ├── EVP_EncryptInit.3 │ ├── EVP_OpenInit.3 │ ├── EVP_PKEY_CTX_ctrl.3 │ ├── EVP_PKEY_CTX_new.3 │ ├── EVP_PKEY_cmp.3 │ ├── EVP_PKEY_decrypt.3 │ ├── EVP_PKEY_derive.3 │ ├── EVP_PKEY_encrypt.3 │ ├── EVP_PKEY_get_default_digest.3 │ ├── EVP_PKEY_keygen.3 │ ├── EVP_PKEY_new.3 │ ├── EVP_PKEY_print_private.3 │ ├── EVP_PKEY_set1_RSA.3 │ ├── EVP_PKEY_sign.3 │ ├── EVP_PKEY_verify.3 │ ├── EVP_PKEY_verify_recover.3 │ ├── EVP_SealInit.3 │ ├── EVP_SignInit.3 │ ├── EVP_VerifyInit.3 │ ├── HMAC.3 │ ├── MD5.3 │ ├── Makefile.am │ ├── Makefile.in │ ├── OBJ_nid2obj.3 │ ├── OPENSSL_VERSION_NUMBER.3 │ ├── OPENSSL_config.3 │ ├── OPENSSL_load_builtin_modules.3 │ ├── OpenSSL_add_all_algorithms.3 │ ├── PEM_read_bio_PrivateKey.3 │ ├── PEM_write_bio_CMS_stream.3 │ ├── PEM_write_bio_PKCS7_stream.3 │ ├── PKCS12_create.3 │ ├── PKCS12_parse.3 │ ├── PKCS5_PBKDF2_HMAC.3 │ ├── PKCS7_decrypt.3 │ ├── PKCS7_encrypt.3 │ ├── PKCS7_sign.3 │ ├── PKCS7_sign_add_signer.3 │ ├── PKCS7_verify.3 │ ├── RAND.3 │ ├── RAND_add.3 │ ├── RAND_bytes.3 │ ├── RAND_cleanup.3 │ ├── RAND_load_file.3 │ ├── RAND_set_rand_method.3 │ ├── RC4.3 │ ├── RIPEMD160.3 │ ├── RSA_blinding_on.3 │ ├── RSA_check_key.3 │ ├── RSA_generate_key.3 │ ├── RSA_get_ex_new_index.3 │ ├── RSA_new.3 │ ├── RSA_padding_add_PKCS1_type_1.3 │ ├── RSA_print.3 │ ├── RSA_private_encrypt.3 │ ├── RSA_public_encrypt.3 │ ├── RSA_set_method.3 │ ├── RSA_sign.3 │ ├── RSA_sign_ASN1_OCTET_STRING.3 │ ├── RSA_size.3 │ ├── SHA1.3 │ ├── SMIME_read_CMS.3 │ ├── SMIME_read_PKCS7.3 │ ├── SMIME_write_CMS.3 │ ├── SMIME_write_PKCS7.3 │ ├── SSL_CIPHER_get_name.3 │ ├── SSL_COMP_add_compression_method.3 │ ├── SSL_CTX_add_extra_chain_cert.3 │ ├── SSL_CTX_add_session.3 │ ├── SSL_CTX_ctrl.3 │ ├── SSL_CTX_flush_sessions.3 │ ├── SSL_CTX_free.3 │ ├── SSL_CTX_get_ex_new_index.3 │ ├── SSL_CTX_get_verify_mode.3 │ ├── SSL_CTX_load_verify_locations.3 
│ ├── SSL_CTX_new.3 │ ├── SSL_CTX_sess_number.3 │ ├── SSL_CTX_sess_set_cache_size.3 │ ├── SSL_CTX_sess_set_get_cb.3 │ ├── SSL_CTX_sessions.3 │ ├── SSL_CTX_set_cert_store.3 │ ├── SSL_CTX_set_cert_verify_callback.3 │ ├── SSL_CTX_set_cipher_list.3 │ ├── SSL_CTX_set_client_CA_list.3 │ ├── SSL_CTX_set_client_cert_cb.3 │ ├── SSL_CTX_set_default_passwd_cb.3 │ ├── SSL_CTX_set_generate_session_id.3 │ ├── SSL_CTX_set_info_callback.3 │ ├── SSL_CTX_set_max_cert_list.3 │ ├── SSL_CTX_set_mode.3 │ ├── SSL_CTX_set_msg_callback.3 │ ├── SSL_CTX_set_options.3 │ ├── SSL_CTX_set_psk_client_callback.3 │ ├── SSL_CTX_set_quiet_shutdown.3 │ ├── SSL_CTX_set_session_cache_mode.3 │ ├── SSL_CTX_set_session_id_context.3 │ ├── SSL_CTX_set_ssl_version.3 │ ├── SSL_CTX_set_timeout.3 │ ├── SSL_CTX_set_tmp_dh_callback.3 │ ├── SSL_CTX_set_tmp_rsa_callback.3 │ ├── SSL_CTX_set_verify.3 │ ├── SSL_CTX_use_certificate.3 │ ├── SSL_CTX_use_psk_identity_hint.3 │ ├── SSL_SESSION_free.3 │ ├── SSL_SESSION_get_ex_new_index.3 │ ├── SSL_SESSION_get_time.3 │ ├── SSL_accept.3 │ ├── SSL_alert_type_string.3 │ ├── SSL_clear.3 │ ├── SSL_connect.3 │ ├── SSL_do_handshake.3 │ ├── SSL_free.3 │ ├── SSL_get_SSL_CTX.3 │ ├── SSL_get_ciphers.3 │ ├── SSL_get_client_CA_list.3 │ ├── SSL_get_current_cipher.3 │ ├── SSL_get_default_timeout.3 │ ├── SSL_get_error.3 │ ├── SSL_get_ex_data_X509_STORE_CTX_idx.3 │ ├── SSL_get_ex_new_index.3 │ ├── SSL_get_fd.3 │ ├── SSL_get_peer_cert_chain.3 │ ├── SSL_get_peer_certificate.3 │ ├── SSL_get_psk_identity.3 │ ├── SSL_get_rbio.3 │ ├── SSL_get_session.3 │ ├── SSL_get_verify_result.3 │ ├── SSL_get_version.3 │ ├── SSL_library_init.3 │ ├── SSL_load_client_CA_file.3 │ ├── SSL_new.3 │ ├── SSL_pending.3 │ ├── SSL_read.3 │ ├── SSL_rstate_string.3 │ ├── SSL_session_reused.3 │ ├── SSL_set_bio.3 │ ├── SSL_set_connect_state.3 │ ├── SSL_set_fd.3 │ ├── SSL_set_session.3 │ ├── SSL_set_shutdown.3 │ ├── SSL_set_verify_result.3 │ ├── SSL_shutdown.3 │ ├── SSL_state_string.3 │ ├── SSL_want.3 │ ├── SSL_write.3 │ ├── 
UI_new.3 │ ├── X509_NAME_ENTRY_get_object.3 │ ├── X509_NAME_add_entry_by_txt.3 │ ├── X509_NAME_get_index_by_NID.3 │ ├── X509_NAME_print_ex.3 │ ├── X509_STORE_CTX_get_error.3 │ ├── X509_STORE_CTX_get_ex_new_index.3 │ ├── X509_STORE_CTX_new.3 │ ├── X509_STORE_CTX_set_verify_cb.3 │ ├── X509_STORE_set_verify_cb_func.3 │ ├── X509_VERIFY_PARAM_set_flags.3 │ ├── X509_new.3 │ ├── X509_verify_cert.3 │ ├── bn.3 │ ├── bn_dump.3 │ ├── crypto.3 │ ├── d2i_ASN1_OBJECT.3 │ ├── d2i_DHparams.3 │ ├── d2i_DSAPublicKey.3 │ ├── d2i_ECPKParameters.3 │ ├── d2i_PKCS8PrivateKey_bio.3 │ ├── d2i_RSAPublicKey.3 │ ├── d2i_SSL_SESSION.3 │ ├── d2i_X509.3 │ ├── d2i_X509_ALGOR.3 │ ├── d2i_X509_CRL.3 │ ├── d2i_X509_NAME.3 │ ├── d2i_X509_REQ.3 │ ├── d2i_X509_SIG.3 │ ├── des_read_pw.3 │ ├── dh.3 │ ├── dsa.3 │ ├── ec.3 │ ├── engine.3 │ ├── evp.3 │ ├── i2d_CMS_bio_stream.3 │ ├── i2d_PKCS7_bio_stream.3 │ ├── lh_new.3 │ ├── lh_stats.3 │ ├── rsa.3 │ ├── ssl.3 │ ├── tls_init.3 │ └── x509.3 ├── missing ├── openssl.pc.in ├── scripts │ ├── config.guess │ ├── config.sub │ ├── travis │ └── wrap-compiler-for-flag-check ├── ssl │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── Makefile.in │ ├── VERSION │ ├── bio_ssl.c │ ├── bs_ber.c │ ├── bs_cbb.c │ ├── bs_cbs.c │ ├── bytestring.h │ ├── d1_both.c │ ├── d1_clnt.c │ ├── d1_enc.c │ ├── d1_lib.c │ ├── d1_meth.c │ ├── d1_pkt.c │ ├── d1_srtp.c │ ├── d1_srvr.c │ ├── pqueue.c │ ├── s23_clnt.c │ ├── s23_lib.c │ ├── s23_pkt.c │ ├── s23_srvr.c │ ├── s3_both.c │ ├── s3_cbc.c │ ├── s3_clnt.c │ ├── s3_lib.c │ ├── s3_pkt.c │ ├── s3_srvr.c │ ├── srtp.h │ ├── ssl_algs.c │ ├── ssl_asn1.c │ ├── ssl_cert.c │ ├── ssl_ciph.c │ ├── ssl_err.c │ ├── ssl_err2.c │ ├── ssl_lib.c │ ├── ssl_locl.h │ ├── ssl_rsa.c │ ├── ssl_sess.c │ ├── ssl_stat.c │ ├── ssl_txt.c │ ├── t1_clnt.c │ ├── t1_enc.c │ ├── t1_lib.c │ ├── t1_meth.c │ ├── t1_reneg.c │ └── t1_srvr.c ├── tap-driver.sh ├── test-driver ├── tests │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── Makefile.in │ ├── aeadtest.c │ ├── aeadtest.sh │ ├── 
aeadtests.txt │ ├── aes_wrap.c │ ├── arc4randomforktest.c │ ├── arc4randomforktest.sh │ ├── asn1test.c │ ├── asn1time.c │ ├── base64test.c │ ├── bftest.c │ ├── biotest.c │ ├── bntest.c │ ├── bytestringtest.c │ ├── ca.pem │ ├── casttest.c │ ├── chachatest.c │ ├── cipher_list.c │ ├── cipherstest.c │ ├── clienttest.c │ ├── cts128test.c │ ├── destest.c │ ├── dhtest.c │ ├── dsatest.c │ ├── ecdhtest.c │ ├── ecdsatest.c │ ├── ectest.c │ ├── enginetest.c │ ├── evptest.c │ ├── evptest.sh │ ├── evptests.txt │ ├── explicit_bzero.c │ ├── exptest.c │ ├── gcm128test.c │ ├── gost2814789t.c │ ├── hmactest.c │ ├── ideatest.c │ ├── igetest.c │ ├── md4test.c │ ├── md5test.c │ ├── memmem.c │ ├── mont.c │ ├── openssl.cnf │ ├── optionstest.c │ ├── pbkdf2.c │ ├── pidwraptest.c │ ├── pidwraptest.sh │ ├── pkcs7test.c │ ├── poly1305test.c │ ├── pq_expected.txt │ ├── pq_test.c │ ├── pq_test.sh │ ├── randtest.c │ ├── rc2test.c │ ├── rc4test.c │ ├── rfc5280time.c │ ├── rfc5280time_small.test │ ├── rmdtest.c │ ├── server.pem │ ├── sha1test.c │ ├── sha256test.c │ ├── sha512test.c │ ├── ssltest.c │ ├── ssltest.sh │ ├── testdsa.sh │ ├── testenc.sh │ ├── testrsa.sh │ ├── tests.h │ ├── testssl │ ├── timingsafe.c │ ├── utf8test.c │ └── verifytest.c └── tls │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── Makefile.in │ ├── VERSION │ ├── strsep.c │ ├── tls.c │ ├── tls_client.c │ ├── tls_config.c │ ├── tls_conninfo.c │ ├── tls_internal.h │ ├── tls_peer.c │ ├── tls_server.c │ ├── tls_util.c │ └── tls_verify.c └── talos ├── enclaveshim ├── Makefile.nosgx ├── Makefile.sgx ├── cpuid-elf-x86_64-ocall.S ├── ecall_queue.c ├── ecall_queue.h ├── enclave.config.xml ├── enclave.edl ├── enclave.lds ├── enclave_private.pem ├── enclaveshim_config.h ├── enclaveshim_ecalls.c ├── enclaveshim_ecalls.h ├── enclaveshim_log.h ├── enclaveshim_ocalls.c ├── enclaveshim_ocalls.h ├── hashmap.c ├── hashmap.h ├── logpoint.c ├── lthread.c ├── lthread.h ├── lthread_epoll.c ├── lthread_int.h ├── lthread_sched.c ├── mempool.c ├── 
mempool.h ├── mpmc_queue.c ├── mpmc_queue.h ├── ocalls.c ├── ocalls.h ├── openssl_types.h ├── queue.h ├── tls_processing_interface.c ├── tls_processing_interface.h ├── tree.h └── z2z_async_dlist.h ├── patch ├── a_bitstr.c.patch ├── a_int.c.patch ├── a_object.c.patch ├── a_sign.c.patch ├── a_time_tm.c.patch ├── a_verify.c.patch ├── aes_wrap.c.patch ├── ameth_lib.c.patch ├── arc4random.c.patch ├── arc4random.h.patch ├── asn1.h.patch ├── asn1_lib.c.patch ├── asn_mime.c.patch ├── b_print.c.patch ├── b_sock.c.patch ├── bio.h.patch ├── bio_enc.c.patch ├── bio_lib.c.patch ├── bn.h.patch ├── bn_asm.c.patch ├── bn_exp.c.patch ├── bn_lib.c.patch ├── bn_print.c.patch ├── bn_rand.c.patch ├── bs_cbs.c.patch ├── bss_acpt.c.patch ├── bss_conn.c.patch ├── bss_dgram.c.patch ├── bss_file.c.patch ├── buf_str.c.patch ├── buffer.c.patch ├── by_dir.c.patch ├── c_all.c.patch ├── cmac.c.patch ├── conf.h.patch ├── conf_def.c.patch ├── conf_mall.c.patch ├── conf_mod.c.patch ├── conf_sap.c.patch ├── cryptlib.c.patch ├── crypto.h.patch ├── cversion.c.patch ├── d1_lib.c.patch ├── dh.h.patch ├── dh_lib.c.patch ├── digest.c.patch ├── dsa_asn1.c.patch ├── dso_dlfcn.c.patch ├── dso_lib.c.patch ├── e_aes.c.patch ├── e_aes_cbc_hmac_sha1.c.patch ├── e_chacha20poly1305.c.patch ├── e_idea.c.patch ├── ec.h.patch ├── ec_key.c.patch ├── ec_lib.c.patch ├── ec_mult.c.patch ├── ech_lib.c.patch ├── ecs_lib.c.patch ├── ecs_vrf.c.patch ├── eng_all.c.patch ├── eng_lib.c.patch ├── eng_openssl.c.patch ├── engine.h.patch ├── err.c.patch ├── err.h.patch ├── err_all.c.patch ├── evp.h.patch ├── evp_enc.c.patch ├── evp_key.c.patch ├── evp_lib.c.patch ├── gcm128.c.patch ├── getentropy_aix.c.patch ├── getentropy_hpux.c.patch ├── getentropy_linux.c.patch ├── getentropy_osx.c.patch ├── getentropy_solaris.c.patch ├── gost2814789.c.patch ├── gostr341001_key.c.patch ├── gostr341194.c.patch ├── hm_ameth.c.patch ├── hm_pmeth.c.patch ├── m_sha1.c.patch ├── malloc-wrapper.c.patch ├── md32_common.h.patch ├── md4_one.c.patch ├── 
md5.h.patch ├── md5_dgst.c.patch ├── md5_one.c.patch ├── mem_clr.c.patch ├── n_pkey.c.patch ├── names.c.patch ├── obj_dat.c.patch ├── obj_lib.c.patch ├── objects.h.patch ├── ocsp_lib.c.patch ├── p12_crpt.c.patch ├── p12_decr.c.patch ├── p12_key.c.patch ├── p5_crpt.c.patch ├── p5_crpt2.c.patch ├── p8_pkey.c.patch ├── p_lib.c.patch ├── p_open.c.patch ├── pem.h.patch ├── pem_all.c.patch ├── pem_info.c.patch ├── pem_lib.c.patch ├── pem_pk8.c.patch ├── pem_pkey.c.patch ├── pem_seal.c.patch ├── pem_x509.c.patch ├── pem_xaux.c.patch ├── pk7_doit.c.patch ├── pvkfmt.c.patch ├── randfile.c.patch ├── rmd_one.c.patch ├── rsa_eay.c.patch ├── rsa_saos.c.patch ├── rsa_sign.c.patch ├── s3_clnt.c.patch ├── s3_lib.c.patch ├── s3_pkt.c.patch ├── s3_srvr.c.patch ├── sha1_one.c.patch ├── sha256.c.patch ├── sha512.c.patch ├── ssl.h.patch ├── ssl_algs.c.patch ├── ssl_asn1.c.patch ├── ssl_cert.c.patch ├── ssl_ciph.c.patch ├── ssl_err2.c.patch ├── ssl_lib.c.patch ├── ssl_locl.h.patch ├── ssl_rsa.c.patch ├── ssl_sess.c.patch ├── ssl_stat.c.patch ├── stack.c.patch ├── stack.h.patch ├── str2key.c.patch ├── streebog.c.patch ├── t1_clnt.c.patch ├── t1_enc.c.patch ├── t1_lib.c.patch ├── t1_meth.c.patch ├── t1_srvr.c.patch ├── tasn_fre.c.patch ├── tls1.h.patch ├── ts_conf.c.patch ├── txt_db.c.patch ├── ui_lib.c.patch ├── ui_openssl.c.patch ├── ui_openssl_win.c.patch ├── ui_util.c.patch ├── v3_bcons.c.patch ├── v3_enum.c.patch ├── v3_genn.c.patch ├── v3_purp.c.patch ├── v3_utl.c.patch ├── x509.h.patch ├── x509_cmp.c.patch ├── x509_ext.c.patch ├── x509_obj.c.patch ├── x509_set.c.patch ├── x509_trs.c.patch ├── x509_vfy.c.patch ├── x509_vpm.c.patch ├── x509name.c.patch ├── x509v3.h.patch ├── x_all.c.patch ├── x_name.c.patch ├── x_x509.c.patch └── x_x509a.c.patch └── patch_libressl.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile 2 | -------------------------------------------------------------------------------- /.gitignore: 
-------------------------------------------------------------------------------- 1 | *.i 2 | *.o 3 | *.so 4 | *.a 5 | *~ 6 | -------------------------------------------------------------------------------- /conf/squid/src.ssl.gadgets.cc.patch: -------------------------------------------------------------------------------- 1 | --- src/ssl/gadgets.cc 2017-03-08 10:38:49.646309039 +0000 2 | +++ src/ssl/gadgets.cc 2017-03-08 10:39:12.477846228 +0000 3 | 
@@ -292,7 +292,7 @@ 4 | DecipherOnly 5 | }; 6 | 7 | - int mimicAlgo = OBJ_obj2nid(mimicCert.get()->cert_info->key->algor->algorithm); 8 | + int mimicAlgo = OBJ_obj2nid(X509_get_algorithm(mimicCert.get())); 9 | 10 | int added = 0; 11 | int nid; 12 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/Makefile.am: -------------------------------------------------------------------------------- 1 | SUBDIRS = crypto ssl tls include apps tests man 2 | ACLOCAL_AMFLAGS = -I m4 3 | 4 | pkgconfigdir = $(libdir)/pkgconfig 5 | pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc 6 | 7 | EXTRA_DIST = README.md README.windows VERSION config scripts 8 | EXTRA_DIST += CMakeLists.txt cmake_uninstall.cmake.in 9 | 10 | .PHONY: install_sw 11 | install_sw: install 12 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/Makefile.am.common: -------------------------------------------------------------------------------- 1 | AM_CFLAGS = 2 | AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL 3 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/VERSION: -------------------------------------------------------------------------------- 1 | 2.4.1 2 | 3 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | add_subdirectory(openssl) 2 | add_subdirectory(nc) 3 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/Makefile.am: -------------------------------------------------------------------------------- 1 | include $(top_srcdir)/Makefile.am.common 2 | 3 | SUBDIRS = openssl nc 4 | 5 | EXTRA_DIST = CMakeLists.txt 6 | -------------------------------------------------------------------------------- 
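Review bot: In the conf/squid/src.ssl.gadgets.cc.patch hunk, the name `X509_get_algorithm` does not say which algorithm it returns. The removed line read `cert_info->key->algor->algorithm`, which is the subject public key algorithm, whereas the new name could equally be read as the certificate's signature algorithm. Since `mimicAlgo` is derived from it, I would add a comment above the new line such as `// X509_get_algorithm(): SubjectPublicKeyInfo algorithm OID (was cert_info->key->algor->algorithm), not the signature algorithm`, and confirm that the accessor really returns that field. Whether the accessor can return NULL is not visible here; if it can, the result should be checked before it reaches `OBJ_obj2nid`. The enclosing function starts and ends outside the hunk.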
/src/libressl-2.4.1/apps/nc/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | if(BUILD_NC) 2 | 3 | include_directories( 4 | . 5 | ./compat 6 | ../../include 7 | ../../include/compat 8 | ) 9 | 10 | set( 11 | NC_SRC 12 | atomicio.c 13 | netcat.c 14 | socks.c 15 | compat/socket.c 16 | ) 17 | 18 | check_function_exists(b64_ntop HAVE_B64_NTOP) 19 | if(HAVE_B64_NTOP) 20 | add_definitions(-DHAVE_B64_NTOP) 21 | else() 22 | set(NC_SRC ${NC_SRC} compat/base64.c) 23 | endif() 24 | 25 | check_function_exists(accept4 HAVE_ACCEPT4) 26 | if(HAVE_ACCEPT4) 27 | add_definitions(-DHAVE_ACCEPT4) 28 | else() 29 | set(NC_SRC ${NC_SRC} compat/accept4.c) 30 | endif() 31 | 32 | check_function_exists(readpassphrase HAVE_READPASSPHRASE) 33 | if(HAVE_READPASSPHRASE) 34 | add_definitions(-DHAVE_READPASSPHRASE) 35 | else() 36 | set(NC_SRC ${NC_SRC} compat/readpassphrase.c) 37 | endif() 38 | 39 | check_function_exists(strtonum HAVE_STRTONUM) 40 | if(HAVE_STRTONUM) 41 | add_definitions(-DHAVE_STRTONUM) 42 | else() 43 | set(NC_SRC ${NC_SRC} compat/strtonum.c) 44 | endif() 45 | 46 | if(NOT "${OPENSSLDIR}" STREQUAL "") 47 | add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") 48 | else() 49 | add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") 50 | endif() 51 | 52 | add_executable(nc ${NC_SRC}) 53 | target_link_libraries(nc tls ${OPENSSL_LIBS}) 54 | 55 | if(ENABLE_NC) 56 | install(TARGETS nc DESTINATION bin) 57 | install(FILES nc.1 DESTINATION share/man/man1) 58 | endif() 59 | 60 | endif() 61 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/nc/Makefile.am: -------------------------------------------------------------------------------- 1 | include $(top_srcdir)/Makefile.am.common 2 | 3 | if BUILD_NC 4 | 5 | if ENABLE_NC 6 | bin_PROGRAMS = nc 7 | else 8 | noinst_PROGRAMS = nc 9 | endif 10 | 11 | EXTRA_DIST = nc.1 12 | EXTRA_DIST += CMakeLists.txt 13 | 14 | 
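nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) 15 | nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la 16 | nc_LDADD += $(abs_top_builddir)/ssl/libssl.la 17 | nc_LDADD += $(abs_top_builddir)/tls/libtls.la 18 | 19 | AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat 20 | if OPENSSLDIR_DEFINED 21 | AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\" 22 | else 23 | AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\" 24 | endif 25 | 26 | nc_SOURCES = atomicio.c 27 | nc_SOURCES += netcat.c 28 | nc_SOURCES += socks.c 29 | noinst_HEADERS = atomicio.h 30 | noinst_HEADERS += compat/sys/socket.h 31 | 32 | nc_SOURCES += compat/socket.c 33 | 34 | if !HAVE_B64_NTOP 35 | nc_SOURCES += compat/base64.c 36 | endif 37 | 38 | if !HAVE_ACCEPT4 39 | nc_SOURCES += compat/accept4.c 40 | endif 41 | 42 | if !HAVE_READPASSPHRASE 43 | nc_SOURCES += compat/readpassphrase.c 44 | endif 45 | 46 | if !HAVE_STRTONUM 47 | nc_SOURCES += compat/strtonum.c 48 | endif 49 | 50 | endif 51 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/nc/compat/accept4.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | /* Fallback accept4() for platforms without one: accepts a connection on s and, when SOCK_CLOEXEC is set in flags, marks the new descriptor close-on-exec. Returns the accepted descriptor, or -1 if accept() fails. NOTE(review): SOCK_NONBLOCK is not handled here, so a caller passing it still gets a blocking descriptor. */ 4 | int 5 | accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags) 6 | { 7 | int rets = accept(s, addr, addrlen); 8 | if (rets == -1) 9 | return -1; /* report the failure; returning s would hand the listening descriptor back as if it were a new connection */ 10 | 11 | if (flags & SOCK_CLOEXEC) { 12 | flags = fcntl(rets, F_GETFD); /* read the accepted descriptor's flags, not the listener's */ 13 | fcntl(rets, F_SETFD, flags | FD_CLOEXEC); 14 | } 15 | 16 | return rets; 17 | } 18 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/nc/compat/socket.c: -------------------------------------------------------------------------------- 1 | #define SOCKET_FLAGS_PRIV 2 | 3 | #include 4 | 5 | #ifdef NEED_SOCKET_FLAGS 6 | 7 | #include 8 | 9 | int 10 | _socket(int domain, int type, int protocol) 11 | { 12 | int s = socket(domain, type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK), protocol); 13 | int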
flags; 14 | if (s == -1) 15 | return s; 16 | 17 | if (type & SOCK_CLOEXEC) { 18 | flags = fcntl(s, F_GETFD); 19 | fcntl(s, F_SETFD, flags | FD_CLOEXEC); 20 | } 21 | 22 | if (type & SOCK_NONBLOCK) { 23 | flags = fcntl(s, F_GETFL); 24 | fcntl(s, F_SETFL, flags | O_NONBLOCK); 25 | } 26 | return s; 27 | } 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/nc/compat/sys/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/socket.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | 9 | #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) 10 | #define NEED_SOCKET_FLAGS 11 | int _socket(int domain, int type, int protocol); 12 | #ifndef SOCKET_FLAGS_PRIV 13 | #define socket(d, t, p) _socket(d, t, p) 14 | #endif 15 | #endif 16 | 17 | #ifndef SOCK_NONBLOCK 18 | #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ 19 | #endif 20 | 21 | #ifndef SOCK_CLOEXEC 22 | #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ 23 | #endif 24 | 25 | #ifndef HAVE_ACCEPT4 26 | int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags); 27 | #endif 28 | 29 | #else 30 | #include 31 | #endif 32 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/openssl/apps_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Dongsheng Song 5 | * Brent Cook 6 | */ 7 | 8 | #include 9 | 10 | #include 11 | #include 12 | 13 | #include "apps.h" 14 | 15 | double 16 | app_tminterval(int stop, int usertime) 17 | { 18 | static unsigned __int64 tmstart; 19 | union { 20 | unsigned __int64 u64; 21 | FILETIME ft; 22 | } ct, et, kt, ut; 23 | 24 | GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft); 25 | 26 | if (stop == TM_START) { 27 | tmstart = ut.u64 + kt.u64; 28 | } else { 29 | return (ut.u64 + kt.u64 
- tmstart) / (double) 10000000; 30 | } 31 | return 0; 32 | } 33 | 34 | int 35 | setup_ui(void) 36 | { 37 | ui_method = UI_create_method("OpenSSL application user interface"); 38 | UI_method_set_opener(ui_method, ui_open); 39 | UI_method_set_reader(ui_method, ui_read); 40 | UI_method_set_writer(ui_method, ui_write); 41 | UI_method_set_closer(ui_method, ui_close); 42 | 43 | /* 44 | * Set STDIO to binary 45 | */ 46 | _setmode(_fileno(stdin), _O_BINARY); 47 | _setmode(_fileno(stdout), _O_BINARY); 48 | _setmode(_fileno(stderr), _O_BINARY); 49 | 50 | return 0; 51 | } 52 | 53 | void 54 | destroy_ui(void) 55 | { 56 | if (ui_method) { 57 | UI_destroy_method(ui_method); 58 | ui_method = NULL; 59 | } 60 | } 61 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/openssl/certhash_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * certhash dummy implementation for platforms without symlinks 4 | */ 5 | 6 | #include "apps.h" 7 | 8 | int 9 | certhash_main(int argc, char **argv) 10 | { 11 | fprintf(stderr, "certhash is not enabled on this platform\n"); 12 | return (1); 13 | } 14 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/openssl/openssl.cnf: -------------------------------------------------------------------------------- 1 | [ req ] 2 | #default_bits = 2048 3 | #default_md = sha256 4 | #default_keyfile = privkey.pem 5 | distinguished_name = req_distinguished_name 6 | attributes = req_attributes 7 | 8 | [ req_distinguished_name ] 9 | countryName = Country Name (2 letter code) 10 | countryName_min = 2 11 | countryName_max = 2 12 | stateOrProvinceName = State or Province Name (full name) 13 | localityName = Locality Name (eg, city) 14 | 0.organizationName = Organization Name (eg, company) 15 | organizationalUnitName = Organizational Unit Name (eg, section) 16 | commonName = Common Name (eg, fully 
qualified host name) 17 | commonName_max = 64 18 | emailAddress = Email Address 19 | emailAddress_max = 64 20 | 21 | [ req_attributes ] 22 | challengePassword = A challenge password 23 | challengePassword_min = 4 24 | challengePassword_max = 20 25 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/apps/openssl/x509v3.cnf: -------------------------------------------------------------------------------- 1 | # default settings 2 | CERTPATHLEN = 1 3 | CERTUSAGE = digitalSignature,keyCertSign,cRLSign 4 | EXTCERTUSAGE = serverAuth,clientAuth 5 | CERTIP = 0.0.0.0 6 | CERTFQDN = nohost.nodomain 7 | 8 | # This section should be referenced when building an x509v3 CA 9 | # Certificate. 10 | # The default path length and the key usage can be overridden 11 | # modified by setting the CERTPATHLEN and CERTUSAGE environment 12 | # variables. 13 | [x509v3_CA] 14 | basicConstraints=critical,CA:true,pathlen:$ENV::CERTPATHLEN 15 | keyUsage=$ENV::CERTUSAGE 16 | 17 | # This section should be referenced to add an IP Address 18 | # as an alternate subject name, needed by isakmpd 19 | # The address must be provided in the CERTIP environment variable 20 | [x509v3_IPAddr] 21 | subjectAltName=IP:$ENV::CERTIP 22 | extendedKeyUsage=$ENV::EXTCERTUSAGE 23 | 24 | # This section should be referenced to add a FQDN hostname 25 | # as an alternate subject name, needed by isakmpd 26 | # The address must be provided in the CERTFQDN environment variable 27 | [x509v3_FQDN] 28 | subjectAltName=DNS:$ENV::CERTFQDN 29 | extendedKeyUsage=$ENV::EXTCERTUSAGE 30 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/cmake_uninstall.cmake.in: -------------------------------------------------------------------------------- 1 | if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 2 | message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 3 | endif(NOT EXISTS 
"@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 4 | 5 | file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files) 6 | string(REGEX REPLACE "\n" ";" files "${files}") 7 | foreach(file ${files}) 8 | message(STATUS "Uninstalling $ENV{DESTDIR}${file}") 9 | if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 10 | exec_program( 11 | "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\"" 12 | OUTPUT_VARIABLE rm_out 13 | RETURN_VALUE rm_retval 14 | ) 15 | if(NOT "${rm_retval}" STREQUAL 0) 16 | message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}") 17 | endif(NOT "${rm_retval}" STREQUAL 0) 18 | else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 19 | message(STATUS "File $ENV{DESTDIR}${file} does not exist.") 20 | endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 21 | endforeach(file) 22 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/config: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This file exists for backwards-compatibility with build systems that expect a 4 | # config script similar to OpenSSL's. 5 | 6 | # New software should prefer the native configure script over this one. 
7 | 8 | ARGS="" 9 | for var in "$@"; do 10 | case $var in 11 | no-shared ) ARGS="$ARGS --disable-shared";; 12 | no-asm ) ARGS="$ARGS --disable-asm";; 13 | --prefix* ) ARGS="$ARGS $var";; 14 | esac 15 | done 16 | 17 | ./configure $ARGS 18 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/Makefile.am.arc4random: -------------------------------------------------------------------------------- 1 | if !HAVE_ARC4RANDOM_BUF 2 | libcompat_la_SOURCES += compat/arc4random.c 3 | libcompat_la_SOURCES += compat/arc4random_uniform.c 4 | 5 | if !HAVE_GETENTROPY 6 | if HOST_AIX 7 | libcompat_la_SOURCES += compat/getentropy_aix.c 8 | endif 9 | if HOST_FREEBSD 10 | libcompat_la_SOURCES += compat/getentropy_freebsd.c 11 | endif 12 | if HOST_HPUX 13 | libcompat_la_SOURCES += compat/getentropy_hpux.c 14 | endif 15 | if HOST_LINUX 16 | libcompat_la_SOURCES += compat/getentropy_linux.c 17 | endif 18 | if HOST_NETBSD 19 | libcompat_la_SOURCES += compat/getentropy_netbsd.c 20 | endif 21 | if HOST_DARWIN 22 | libcompat_la_SOURCES += compat/getentropy_osx.c 23 | endif 24 | if HOST_SOLARIS 25 | libcompat_la_SOURCES += compat/getentropy_solaris.c 26 | endif 27 | if HOST_WIN 28 | libcompat_la_SOURCES += compat/getentropy_win.c 29 | endif 30 | endif 31 | 32 | endif 33 | 34 | noinst_HEADERS = 35 | noinst_HEADERS += compat/arc4random.h 36 | noinst_HEADERS += compat/arc4random_aix.h 37 | noinst_HEADERS += compat/arc4random_freebsd.h 38 | noinst_HEADERS += compat/arc4random_hpux.h 39 | noinst_HEADERS += compat/arc4random_linux.h 40 | noinst_HEADERS += compat/arc4random_netbsd.h 41 | noinst_HEADERS += compat/arc4random_osx.h 42 | noinst_HEADERS += compat/arc4random_solaris.h 43 | noinst_HEADERS += compat/arc4random_win.h 44 | noinst_HEADERS += compat/chacha_private.h 45 | 46 | 47 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/VERSION: 
-------------------------------------------------------------------------------- 1 | 38:0:0 2 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/asn1/charmap.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | /* Auto generated with chartype.pl script. 3 | * Mask of various character properties 4 | */ 5 | 6 | static const unsigned char char_type[] = { 7 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 8 | 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 9 | 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16, 10 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16, 11 | 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 12 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0, 13 | 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 14 | 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2 15 | }; 16 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/bio/b_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Dongsheng Song 5 | * Brent Cook 6 | */ 7 | 8 | #include 9 | 10 | #include 11 | #include 12 | 13 | int 14 | BIO_sock_init(void) 15 | { 16 | /* 17 | * WSAStartup loads the winsock .dll and initializes the networking 18 | * stack on Windows, or simply increases the reference count. 
19 | */ 20 | static struct WSAData wsa_state = {0}; 21 | WORD version_requested = MAKEWORD(2, 2); 22 | static int wsa_init_done = 0; 23 | if (!wsa_init_done) { 24 | if (WSAStartup(version_requested, &wsa_state) != 0) { 25 | int err = WSAGetLastError(); 26 | SYSerr(SYS_F_WSASTARTUP, err); 27 | BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); 28 | return (-1); 29 | } 30 | wsa_init_done = 1; 31 | } 32 | return (1); 33 | } 34 | 35 | void 36 | BIO_sock_cleanup(void) 37 | { 38 | /* 39 | * We could call WSACleanup here, but it is easy to get it wrong. Since 40 | * this API provides no way to even tell if it failed, there is no safe 41 | * way to expose that functionality here. 42 | * 43 | * The cost of leaving the networking DLLs loaded may have been large 44 | * during the Windows 3.1/win32s era, but it is small in modern 45 | * contexts, so don't bother. 46 | */ 47 | } 48 | 49 | int 50 | BIO_socket_nbio(int s, int mode) 51 | { 52 | u_long value = mode; 53 | return ioctlsocket(s, FIONBIO, &value) != SOCKET_ERROR; 54 | } 55 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/comp/c_rle.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: c_rle.c,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */ 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, 9 | unsigned int olen, unsigned char *in, unsigned int ilen); 10 | static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, 11 | unsigned int olen, unsigned char *in, unsigned int ilen); 12 | 13 | static COMP_METHOD rle_method = { 14 | .type = NID_rle_compression, 15 | .name = LN_rle_compression, 16 | .compress = rle_compress_block, 17 | .expand = rle_expand_block 18 | }; 19 | 20 | COMP_METHOD * 21 | COMP_rle(void) 22 | { 23 | return (&rle_method); 24 | } 25 | 26 | static int 27 | rle_compress_block(COMP_CTX *ctx, unsigned char *out, unsigned 
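int olen, 28 | unsigned char *in, unsigned int ilen) 29 | { 30 | /* Stores in[0..ilen) after a single zero marker byte, so out must hold ilen + 1 bytes; returns the number of bytes written, or -1 for empty input or an output buffer that is too small. */ 31 | if (ilen == 0 || olen <= ilen) { /* was olen < (ilen - 1), which let the ilen + 1 byte write run past out */ 32 | return (-1); 33 | } 34 | 35 | *(out++) = 0; 36 | memcpy(out, in, ilen); 37 | return (ilen + 1); 38 | } 39 | /* Reverses rle_compress_block: drops the leading marker byte and copies the remaining ilen - 1 bytes to out when the marker is 0. Returns ilen - 1, or -1 for empty input or an output buffer that is too small. NOTE(review): a non-zero marker leaves out unwritten yet still reports ilen - 1 bytes; callers should confirm that is intended. */ 40 | static int 41 | rle_expand_block(COMP_CTX *ctx, unsigned char *out, unsigned int olen, 42 | unsigned char *in, unsigned int ilen) 43 | { 44 | int i; 45 | 46 | if (ilen == 0 || olen < (ilen - 1)) { /* ilen == 0 would wrap ilen - 1 and read a marker byte that is not there */ 47 | return (-1); 48 | } 49 | 50 | i= *(in++); 51 | if (i == 0) { 52 | memcpy(out, in, ilen - 1); 53 | } 54 | return (ilen - 1); 55 | } 56 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/comp/comp_lib.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: comp_lib.c,v 1.7 2014/06/12 15:49:28 deraadt Exp $ */ 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | COMP_CTX * 9 | COMP_CTX_new(COMP_METHOD *meth) 10 | { 11 | COMP_CTX *ret; 12 | 13 | if ((ret = calloc(1, sizeof(COMP_CTX))) == NULL) { 14 | return (NULL); 15 | } 16 | ret->meth = meth; 17 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { 18 | free(ret); 19 | ret = NULL; 20 | } 21 | return (ret); 22 | } 23 | 24 | void 25 | COMP_CTX_free(COMP_CTX *ctx) 26 | { 27 | if (ctx == NULL) 28 | return; 29 | 30 | if (ctx->meth->finish != NULL) 31 | ctx->meth->finish(ctx); 32 | 33 | free(ctx); 34 | } 35 | 36 | int 37 | COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, 38 | unsigned char *in, int ilen) 39 | { 40 | int ret; 41 | 42 | if (ctx->meth->compress == NULL) { 43 | return (-1); 44 | } 45 | ret = ctx->meth->compress(ctx, out, olen, in, ilen); 46 | if (ret > 0) { 47 | ctx->compress_in += ilen; 48 | ctx->compress_out += ret; 49 | } 50 | return (ret); 51 | } 52 | 53 | int 54 | COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, 55 | unsigned char *in, int ilen) 56 | { 57 | int ret; 58 | 59 | if (ctx->meth->expand == NULL) { 60 | return (-1); 61 | } 62 | ret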
= ctx->meth->expand(ctx, out, olen, in, ilen); 63 | if (ret > 0) { 64 | ctx->expand_in += ilen; 65 | ctx->expand_out += ret; 66 | } 67 | return (ret); 68 | } 69 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/arc4random.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H 2 | #define LIBCRYPTOCOMPAT_ARC4RANDOM_H 3 | 4 | #include 5 | 6 | #if defined(_AIX) 7 | #include "arc4random_aix.h" 8 | 9 | #elif defined(__FreeBSD__) 10 | #include "arc4random_freebsd.h" 11 | 12 | #elif defined(__hpux) 13 | #include "arc4random_hpux.h" 14 | 15 | #elif defined(__linux__) 16 | #include "arc4random_linux.h" 17 | 18 | #elif defined(__NetBSD__) 19 | #include "arc4random_netbsd.h" 20 | 21 | #elif defined(__APPLE__) 22 | #include "arc4random_osx.h" 23 | 24 | #elif defined(__sun) 25 | #include "arc4random_solaris.h" 26 | 27 | #elif defined(_WIN32) 28 | #include "arc4random_win.h" 29 | 30 | #else 31 | #error "No arc4random hooks defined for this platform." 32 | 33 | #endif 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/explicit_bzero.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: explicit_bzero.c,v 1.3 2014/06/21 02:34:26 matthew Exp $ */ 2 | /* 3 | * Public domain. 4 | * Written by Matthew Dempsky. 5 | */ 6 | 7 | #include 8 | 9 | __attribute__((weak)) void 10 | __explicit_bzero_hook(void *buf, size_t len) 11 | { 12 | } 13 | 14 | void 15 | explicit_bzero(void *buf, size_t len) 16 | { 17 | memset(buf, 0, len); 18 | __explicit_bzero_hook(buf, len); 19 | } 20 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/explicit_bzero_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain. 
3 | * Win32 explicit_bzero compatibility shim. 4 | */ 5 | 6 | #include 7 | #include 8 | 9 | void 10 | explicit_bzero(void *buf, size_t len) 11 | { 12 | SecureZeroMemory(buf, len); 13 | } 14 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/reallocarray.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: reallocarray.c,v 1.2 2014/12/08 03:45:00 bcook Exp $ */ 2 | /* 3 | * Copyright (c) 2008 Otto Moerbeek 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */ 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | 23 | /* 24 | * This is sqrt(SIZE_MAX+1), as s1*s2 <= SIZE_MAX 25 | * if both s1 < MUL_NO_OVERFLOW and s2 < MUL_NO_OVERFLOW 26 | */ 27 | #define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4)) 28 | 29 | void * 30 | reallocarray(void *optr, size_t nmemb, size_t size) 31 | { 32 | if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) && 33 | nmemb > 0 && SIZE_MAX / nmemb < size) { 34 | errno = ENOMEM; 35 | return NULL; 36 | } 37 | return realloc(optr, size * nmemb); 38 | } 39 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/strndup.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: strndup.c,v 1.1 2010/05/18 22:24:55 tedu Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2010 Todd C. Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
17 | */ 18 | 19 | #include 20 | 21 | #include 22 | #include 23 | #include 24 | 25 | char * 26 | strndup(const char *str, size_t maxlen) 27 | { 28 | char *copy; 29 | size_t len; 30 | 31 | len = strnlen(str, maxlen); 32 | copy = malloc(len + 1); 33 | if (copy != NULL) { 34 | (void)memcpy(copy, str, len); 35 | copy[len] = '\0'; 36 | } 37 | 38 | return copy; 39 | } 40 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/strnlen.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: strnlen.c,v 1.5 2014/06/10 04:17:37 deraadt Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2010 Todd C. Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
17 | */ 18 | 19 | #include 20 | 21 | #include 22 | 23 | size_t 24 | strnlen(const char *str, size_t maxlen) 25 | { 26 | const char *cp; 27 | 28 | for (cp = str; maxlen != 0 && *cp != '\0'; cp++, maxlen--) 29 | ; 30 | 31 | return (size_t)(cp - str); 32 | } 33 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/compat/timingsafe_bcmp.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: timingsafe_bcmp.c,v 1.2 2014/06/10 04:17:37 deraadt Exp $ */ 2 | /* 3 | * Copyright (c) 2010 Damien Miller. All rights reserved. 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
16 | */ 17 | 18 | #include 19 | 20 | int 21 | timingsafe_bcmp(const void *b1, const void *b2, size_t n) 22 | { 23 | const unsigned char *p1 = b1, *p2 = b2; 24 | int ret = 0; 25 | 26 | for (; n > 0; n--) 27 | ret |= *p1++ ^ *p2++; 28 | return (ret != 0); 29 | } 30 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/evp/m_wp.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: m_wp.c,v 1.7 2014/07/11 08:44:48 jsing Exp $ */ 2 | 3 | #include 4 | 5 | #include 6 | 7 | #ifndef OPENSSL_NO_WHIRLPOOL 8 | 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | static int 15 | init(EVP_MD_CTX *ctx) 16 | { 17 | return WHIRLPOOL_Init(ctx->md_data); 18 | } 19 | 20 | static int 21 | update(EVP_MD_CTX *ctx, const void *data, size_t count) 22 | { 23 | return WHIRLPOOL_Update(ctx->md_data, data, count); 24 | } 25 | 26 | static int 27 | final(EVP_MD_CTX *ctx, unsigned char *md) 28 | { 29 | return WHIRLPOOL_Final(md, ctx->md_data); 30 | } 31 | 32 | static const EVP_MD whirlpool_md = { 33 | .type = NID_whirlpool, 34 | .pkey_type = 0, 35 | .md_size = WHIRLPOOL_DIGEST_LENGTH, 36 | .flags = 0, 37 | .init = init, 38 | .update = update, 39 | .final = final, 40 | .copy = NULL, 41 | .cleanup = NULL, 42 | .sign = NULL, 43 | .verify = NULL, 44 | .required_pkey_type = { 45 | 0, 0, 0, 0, 46 | }, 47 | .block_size = WHIRLPOOL_BBLOCK / 8, 48 | .ctx_size = sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX), 49 | }; 50 | 51 | const EVP_MD * 52 | EVP_whirlpool(void) 53 | { 54 | return (&whirlpool_md); 55 | } 56 | #endif 57 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/mem_clr.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: mem_clr.c,v 1.3 2014/04/15 23:04:49 tedu Exp $ */ 2 | 3 | /* Ted Unangst places this file in the public domain. 
*/ 4 | #include 5 | #include 6 | 7 | void 8 | OPENSSL_cleanse(void *ptr, size_t len) 9 | { 10 | explicit_bzero(ptr, len); 11 | } 12 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/o_init.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | /* Ted Unangst places this file in the public domain. */ 3 | 4 | #include 5 | 6 | void 7 | OPENSSL_init(void) 8 | { 9 | 10 | } 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/o_str.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: o_str.c,v 1.8 2014/06/12 15:49:27 deraadt Exp $ */ 2 | /* 3 | * Written by Theo de Raadt. Public domain. 4 | */ 5 | 6 | #include 7 | 8 | int OPENSSL_strcasecmp(const char *str1, const char *str2); 9 | int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n); 10 | 11 | int 12 | OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n) 13 | { 14 | return strncasecmp(str1, str2, n); 15 | } 16 | 17 | int 18 | OPENSSL_strcasecmp(const char *str1, const char *str2) 19 | { 20 | return strcasecmp(str1, str2); 21 | } 22 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/poly1305/poly1305.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | /* 3 | * Copyright (c) 2014 Joel Sing 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include 19 | #include "poly1305-donna.c" 20 | 21 | void 22 | CRYPTO_poly1305_init(poly1305_context *ctx, const unsigned char key[32]) 23 | { 24 | poly1305_init(ctx, key); 25 | } 26 | 27 | void 28 | CRYPTO_poly1305_update(poly1305_context *ctx, const unsigned char *in, 29 | size_t len) 30 | { 31 | poly1305_update(ctx, in, len); 32 | } 33 | 34 | void 35 | CRYPTO_poly1305_finish(poly1305_context *ctx, unsigned char mac[16]) 36 | { 37 | poly1305_finish(ctx, mac); 38 | } 39 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/rc4/rc4_locl.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: rc4_locl.h,v 1.3 2014/06/12 15:49:30 deraadt Exp $ */ 2 | 3 | #ifndef HEADER_RC4_LOCL_H 4 | #define HEADER_RC4_LOCL_H 5 | #endif 6 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/rsa/rsa_locl.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: rsa_locl.h,v 1.2 2014/06/12 15:49:30 deraadt Exp $ */ 2 | extern int int_rsa_verify(int dtype, const unsigned char *m, 3 | unsigned int m_len, unsigned char *rm, size_t *prm_len, 4 | const unsigned char *sigbuf, size_t siglen, RSA *rsa); 5 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/whrlpool/wp_locl.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | 3 | #include 4 | 5 | void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t); 6 | 
-------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/x509v3/v3_pci.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lsds/TaLoS/9c959980de0c6d2a80582e3546747823ea3eca69/src/libressl-2.4.1/crypto/x509v3/v3_pci.c -------------------------------------------------------------------------------- /src/libressl-2.4.1/crypto/x509v3/v3_pcia.c: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/lsds/TaLoS/9c959980de0c6d2a80582e3546747823ea3eca69/src/libressl-2.4.1/crypto/x509v3/v3_pcia.c -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | install(DIRECTORY . 2 | DESTINATION include 3 | PATTERN "CMakeLists.txt" EXCLUDE 4 | PATTERN "compat" EXCLUDE 5 | PATTERN "Makefile*" EXCLUDE) 6 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/Makefile.am: -------------------------------------------------------------------------------- 1 | include $(top_srcdir)/Makefile.am.common 2 | 3 | EXTRA_DIST = CMakeLists.txt 4 | 5 | SUBDIRS = openssl 6 | 7 | noinst_HEADERS = pqueue.h 8 | noinst_HEADERS += compat/dirent.h 9 | noinst_HEADERS += compat/dirent_msvc.h 10 | noinst_HEADERS += compat/err.h 11 | noinst_HEADERS += compat/limits.h 12 | noinst_HEADERS += compat/netdb.h 13 | noinst_HEADERS += compat/poll.h 14 | noinst_HEADERS += compat/readpassphrase.h 15 | noinst_HEADERS += compat/resolv.h 16 | noinst_HEADERS += compat/stdio.h 17 | noinst_HEADERS += compat/stdlib.h 18 | noinst_HEADERS += compat/string.h 19 | noinst_HEADERS += compat/time.h 20 | noinst_HEADERS += compat/unistd.h 21 | noinst_HEADERS += compat/win32netcompat.h 22 | 23 | noinst_HEADERS += compat/arpa/inet.h 24 | noinst_HEADERS += 
compat/arpa/nameser.h 25 | 26 | noinst_HEADERS += compat/machine/endian.h 27 | 28 | noinst_HEADERS += compat/netinet/in.h 29 | noinst_HEADERS += compat/netinet/ip.h 30 | noinst_HEADERS += compat/netinet/tcp.h 31 | 32 | noinst_HEADERS += compat/sys/cdefs.h 33 | noinst_HEADERS += compat/sys/ioctl.h 34 | noinst_HEADERS += compat/sys/mman.h 35 | noinst_HEADERS += compat/sys/param.h 36 | noinst_HEADERS += compat/sys/select.h 37 | noinst_HEADERS += compat/sys/socket.h 38 | noinst_HEADERS += compat/sys/stat.h 39 | noinst_HEADERS += compat/sys/time.h 40 | noinst_HEADERS += compat/sys/types.h 41 | noinst_HEADERS += compat/sys/uio.h 42 | 43 | include_HEADERS = tls.h 44 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/arpa/inet.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * arpa/inet.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | 11 | #ifndef AI_ADDRCONFIG 12 | #define AI_ADDRCONFIG 0x00000400 13 | #endif 14 | 15 | #endif 16 | 17 | #ifndef HAVE_INET_PTON 18 | int inet_pton(int af, const char * src, void * dst); 19 | #endif 20 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/arpa/nameser.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * arpa/inet.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | 11 | #ifndef INADDRSZ 12 | #define INADDRSZ 4 13 | #endif 14 | 15 | #ifndef IN6ADDRSZ 16 | #define IN6ADDRSZ 16 17 | #endif 18 | 19 | #ifndef INT16SZ 20 | #define INT16SZ 2 21 | #endif 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/dirent.h: -------------------------------------------------------------------------------- 1 | /* 2 | 
* Public domain 3 | * dirent.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_DIRENT_H 7 | #define LIBCRYPTOCOMPAT_DIRENT_H 8 | 9 | #ifdef _MSC_VER 10 | #include 11 | #include 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/err.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * err.h compatibility shim 4 | */ 5 | 6 | #ifdef HAVE_ERR_H 7 | 8 | #include_next 9 | 10 | #else 11 | 12 | #ifndef LIBCRYPTOCOMPAT_ERR_H 13 | #define LIBCRYPTOCOMPAT_ERR_H 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | /* Fallback err()/errx()/warn()/warnx() writing to stderr. fmt is a printf-style format handed straight to vfprintf(), so callers must pass a fixed format string and supply untrusted text only as an argument (for example through "%s"). err() and warn() copy errno on entry, so the stdio calls made before strerror() cannot change the value that gets printed. NOTE(review): in err() and errx() the va_end() placed after exit() is never reached. */ 21 | static inline void 22 | err(int eval, const char *fmt, ...) 23 | { 24 | int sverrno = errno; 25 | va_list ap; 26 | 27 | va_start(ap, fmt); 28 | if (fmt != NULL) { 29 | vfprintf(stderr, fmt, ap); 30 | fprintf(stderr, ": "); 31 | } 32 | fprintf(stderr, "%s\n", strerror(sverrno)); 33 | exit(eval); 34 | va_end(ap); 35 | } 36 | 37 | static inline void 38 | errx(int eval, const char *fmt, ...) 39 | { 40 | va_list ap; 41 | 42 | va_start(ap, fmt); 43 | if (fmt != NULL) 44 | vfprintf(stderr, fmt, ap); 45 | fprintf(stderr, "\n"); 46 | exit(eval); 47 | va_end(ap); 48 | } 49 | 50 | static inline void 51 | warn(const char *fmt, ...) 52 | { 53 | int sverrno = errno; 54 | va_list ap; 55 | 56 | va_start(ap, fmt); 57 | if (fmt != NULL) { 58 | vfprintf(stderr, fmt, ap); 59 | fprintf(stderr, ": "); 60 | } 61 | fprintf(stderr, "%s\n", strerror(sverrno)); 62 | va_end(ap); 63 | } 64 | 65 | static inline void 66 | warnx(const char *fmt, ...)
67 | { 68 | va_list ap; 69 | 70 | va_start(ap, fmt); 71 | if (fmt != NULL) 72 | vfprintf(stderr, fmt, ap); 73 | fprintf(stderr, "\n"); 74 | va_end(ap); 75 | } 76 | 77 | #endif 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/limits.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * limits.h compatibility shim 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #include <../include/limits.h> 8 | #else 9 | #include_next 10 | #endif 11 | 12 | #ifdef __hpux 13 | #include 14 | #ifndef PATH_MAX 15 | #define PATH_MAX MAXPATHLEN 16 | #endif 17 | #endif 18 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/machine/endian.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * machine/endian.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_BYTE_ORDER_H_ 7 | #define LIBCRYPTOCOMPAT_BYTE_ORDER_H_ 8 | 9 | #if defined(_WIN32) 10 | 11 | #define LITTLE_ENDIAN 1234 12 | #define BIG_ENDIAN 4321 13 | #define PDP_ENDIAN 3412 14 | 15 | /* 16 | * Use GCC and Visual Studio compiler defines to determine endian. 
17 | */ 18 | #if __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 19 | #define BYTE_ORDER LITTLE_ENDIAN 20 | #else 21 | #define BYTE_ORDER BIG_ENDIAN 22 | #endif 23 | 24 | #elif defined(__linux__) 25 | #include 26 | 27 | #elif defined(__sun) || defined(_AIX) || defined(__hpux) 28 | #include 29 | #include 30 | 31 | #elif defined(__sgi) 32 | #include 33 | #include 34 | 35 | #else 36 | #include_next 37 | 38 | #endif 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/netdb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netdb.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/netinet/in.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netinet/in.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/netinet/ip.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netinet/ip.h compatibility shim 4 | */ 5 | 6 | #if defined(__hpux) 7 | #include 8 | #endif 9 | 10 | #ifndef _WIN32 11 | #include_next 12 | #else 13 | #include 14 | #endif 15 | 16 | /* 17 | * Definitions for DiffServ Codepoints as per RFC2474 18 | */ 19 | #ifndef IPTOS_DSCP_CS0 20 | #define IPTOS_DSCP_CS0 0x00 21 | #define IPTOS_DSCP_CS1 0x20 22 | #define IPTOS_DSCP_CS2 0x40 23 | #define IPTOS_DSCP_CS3 0x60 24 | #define IPTOS_DSCP_CS4 0x80 25 | #define IPTOS_DSCP_CS5 0xa0 26 | #define IPTOS_DSCP_CS6 0xc0 27 | #define IPTOS_DSCP_CS7 0xe0 28 | #endif 29 | 30 | #ifndef IPTOS_DSCP_AF11 31 | #define 
IPTOS_DSCP_AF11 0x28 32 | #define IPTOS_DSCP_AF12 0x30 33 | #define IPTOS_DSCP_AF13 0x38 34 | #define IPTOS_DSCP_AF21 0x48 35 | #define IPTOS_DSCP_AF22 0x50 36 | #define IPTOS_DSCP_AF23 0x58 37 | #define IPTOS_DSCP_AF31 0x68 38 | #define IPTOS_DSCP_AF32 0x70 39 | #define IPTOS_DSCP_AF33 0x78 40 | #define IPTOS_DSCP_AF41 0x88 41 | #define IPTOS_DSCP_AF42 0x90 42 | #define IPTOS_DSCP_AF43 0x98 43 | #endif 44 | 45 | #ifndef IPTOS_DSCP_EF 46 | #define IPTOS_DSCP_EF 0xb8 47 | #endif 48 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/netinet/tcp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netinet/tcp.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/resolv.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * resolv.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_RESOLV_H 7 | #define LIBCRYPTOCOMPAT_RESOLV_H 8 | 9 | #ifdef _MSC_VER 10 | #if _MSC_VER >= 1900 11 | #include <../ucrt/resolv.h> 12 | #else 13 | #include <../include/resolv.h> 14 | #endif 15 | #else 16 | #include_next 17 | #endif 18 | 19 | #ifndef HAVE_B64_NTOP 20 | int b64_ntop(unsigned char const *, size_t, char *, size_t); 21 | int b64_pton(char const *, unsigned char *, size_t); 22 | #endif 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/stdio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * stdio.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_STDIO_H 7 | #define LIBCRYPTOCOMPAT_STDIO_H 8 | 9 | #ifdef _MSC_VER 10 | #if _MSC_VER >= 1900 11 | #include
<../ucrt/stdlib.h> 12 | #include <../ucrt/corecrt_io.h> 13 | #include <../ucrt/stdio.h> 14 | #else 15 | #include <../include/stdio.h> 16 | #endif 17 | #else 18 | #include_next 19 | #endif 20 | 21 | #ifndef HAVE_ASPRINTF 22 | #include 23 | int vasprintf(char **str, const char *fmt, va_list ap); 24 | int asprintf(char **str, const char *fmt, ...); 25 | #endif 26 | 27 | #ifdef _WIN32 28 | 29 | void posix_perror(const char *s); 30 | FILE * posix_fopen(const char *path, const char *mode); 31 | char * posix_fgets(char *s, int size, FILE *stream); 32 | int posix_rename(const char *oldpath, const char *newpath); 33 | 34 | #ifndef NO_REDEF_POSIX_FUNCTIONS 35 | #define perror(errnum) posix_perror(errnum) 36 | #define fopen(path, mode) posix_fopen(path, mode) 37 | #define fgets(s, size, stream) posix_fgets(s, size, stream) 38 | #define rename(oldpath, newpath) posix_rename(oldpath, newpath) 39 | #endif 40 | /* NOTE(review): this alias is applied for every _MSC_VER, with no version test. MSVC's _snprintf does not NUL-terminate the buffer when the output is truncated and returns a negative value rather than the required length, so code written against C99 snprintf semantics must terminate the buffer and check the result itself; consider restricting the alias to toolchains that lack a conforming snprintf. */ 41 | #ifdef _MSC_VER 42 | #define snprintf _snprintf 43 | #endif 44 | 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/stdlib.h: -------------------------------------------------------------------------------- 1 | /* 2 | * stdlib.h compatibility shim 3 | * Public domain 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #if _MSC_VER >= 1900 8 | #include <../ucrt/stdlib.h> 9 | #else 10 | #include <../include/stdlib.h> 11 | #endif 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #ifndef LIBCRYPTOCOMPAT_STDLIB_H 17 | #define LIBCRYPTOCOMPAT_STDLIB_H 18 | 19 | #include 20 | #include 21 | 22 | #ifndef HAVE_ARC4RANDOM_BUF 23 | uint32_t arc4random(void); 24 | void arc4random_buf(void *_buf, size_t n); 25 | uint32_t arc4random_uniform(uint32_t upper_bound); 26 | #endif 27 | 28 | #ifndef HAVE_REALLOCARRAY 29 | void *reallocarray(void *, size_t, size_t); 30 | #endif 31 | 32 | #ifndef HAVE_STRTONUM 33 | long long strtonum(const char *nptr, long long minval, 34 | long long maxval, const char
**errstr); 35 | #endif 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/cdefs.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/cdefs.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_SYS_CDEFS_H 7 | #define LIBCRYPTOCOMPAT_SYS_CDEFS_H 8 | 9 | #ifdef _WIN32 10 | 11 | #define __warn_references(sym,msg) 12 | 13 | #else 14 | 15 | #include_next 16 | 17 | #ifndef __warn_references 18 | 19 | #if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG) 20 | #define __warn_references(sym,msg) \ 21 | __asm__(".section .gnu.warning." __STRING(sym) \ 22 | " ; .ascii \"" msg "\" ; .text"); 23 | #else 24 | #define __warn_references(sym,msg) 25 | #endif 26 | 27 | #endif /* __warn_references */ 28 | 29 | #endif /* _WIN32 */ 30 | 31 | #endif /* LIBCRYPTOCOMPAT_SYS_CDEFS_H */ 32 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/ioctl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/ioctl.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #define ioctl(fd, type, arg) ioctlsocket(fd, type, arg) 11 | #endif 12 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/mman.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/mman.h compatibility shim 4 | */ 5 | 6 | #include_next 7 | 8 | #ifndef LIBCRYPTOCOMPAT_MMAN_H 9 | #define LIBCRYPTOCOMPAT_MMAN_H 10 | 11 | #ifndef MAP_ANON 12 | #ifdef MAP_ANONYMOUS 13 | #define MAP_ANON MAP_ANONYMOUS 14 | #else 15 | #error "System does not support mapping anonymous pages?" 
16 | #endif 17 | #endif 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/param.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/param.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H 7 | #define LIBCRYPTOCOMPAT_SYS_PARAM_H 8 | 9 | #ifdef _MSC_VER 10 | #include 11 | #else 12 | #include_next 13 | #endif 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/select.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/select.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/socket.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/time.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/time.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_SYS_TIME_H 7 | #define LIBCRYPTOCOMPAT_SYS_TIME_H 8 | 9 | #ifdef _MSC_VER 10 | #include 11 | int gettimeofday(struct timeval *tp, void *tzp); 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | 
* sys/types.h compatibility shim 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #if _MSC_VER >= 1900 8 | #include <../ucrt/sys/types.h> 9 | #else 10 | #include <../include/sys/types.h> 11 | #endif 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H 17 | #define LIBCRYPTOCOMPAT_SYS_TYPES_H 18 | 19 | #include 20 | 21 | #ifdef __MINGW32__ 22 | #include <_bsd_types.h> 23 | #endif 24 | 25 | #ifdef _MSC_VER 26 | typedef unsigned char u_char; 27 | typedef unsigned short u_short; 28 | typedef unsigned int u_int; 29 | 30 | #include 31 | typedef SSIZE_T ssize_t; 32 | 33 | #ifndef SSIZE_MAX 34 | #ifdef _WIN64 35 | #define SSIZE_MAX _I64_MAX 36 | #else 37 | #define SSIZE_MAX INT_MAX 38 | #endif 39 | #endif 40 | 41 | #endif 42 | 43 | #if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) 44 | # define __bounded__(x, y, z) 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/sys/uio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/uio.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | 10 | #include 11 | 12 | struct iovec { 13 | void *iov_base; 14 | size_t iov_len; 15 | }; 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/time.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * time.h compatibility shim 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #if _MSC_VER >= 1900 8 | #include <../ucrt/time.h> 9 | #else 10 | #include <../include/time.h> 11 | #endif 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #ifdef _WIN32 17 | struct tm *__gmtime_r(const time_t * t, struct tm * tm); 18 | #define gmtime_r(tp, tm) __gmtime_r(tp, tm) 19 | #endif 20 | 21 | #ifndef HAVE_TIMEGM 22 | time_t timegm(struct tm *tm);
23 | #endif 24 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/compat/unistd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * unistd.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_UNISTD_H 7 | #define LIBCRYPTOCOMPAT_UNISTD_H 8 | 9 | #ifndef _MSC_VER 10 | #include_next 11 | #else 12 | 13 | #include 14 | #include 15 | #include 16 | /* X_OK and F_OK are both defined as 0 on this branch, so an access(path, X_OK) call requests nothing beyond what F_OK does. */ 17 | #define R_OK 4 18 | #define W_OK 2 19 | #define X_OK 0 20 | #define F_OK 0 21 | 22 | #define access _access 23 | 24 | unsigned int sleep(unsigned int seconds); 25 | 26 | #endif 27 | 28 | #ifndef HAVE_GETENTROPY 29 | int getentropy(void *buf, size_t buflen); 30 | #else 31 | /* 32 | * Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h 33 | */ 34 | #if defined(__sun) 35 | #include 36 | #endif 37 | #endif 38 | /* pledge() is compiled out by this shim: every call expands to the constant 0, the success value, so callers see success while no pledge(2) restriction is applied to the process. */ 39 | #define pledge(request, paths) 0 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/openssl/opensslfeatures.h: -------------------------------------------------------------------------------- 1 | # define OPENSSL_NO_EC_NISTP_64_GCC_128 2 | # define OPENSSL_NO_CMS 3 | # define OPENSSL_NO_COMP 4 | # define OPENSSL_NO_EGD 5 | # define OPENSSL_NO_GMP 6 | # define OPENSSL_NO_JPAKE 7 | # define OPENSSL_NO_KRB5 8 | # define OPENSSL_NO_MD2 9 | # define OPENSSL_NO_MDC2 10 | # define OPENSSL_NO_PSK 11 | # define OPENSSL_NO_RC5 12 | # define OPENSSL_NO_RFC3779 13 | # define OPENSSL_NO_RSAX 14 | # define OPENSSL_NO_SCTP 15 | # define OPENSSL_NO_SEED 16 | # define OPENSSL_NO_SHA0 17 | # define OPENSSL_NO_SRP 18 | # define OPENSSL_NO_SSL2 19 | # define OPENSSL_NO_SSL3 20 | # define OPENSSL_NO_SSL3_METHOD 21 | # define OPENSSL_NO_STORE 22 | # define OPENSSL_NO_BUF_FREELISTS 23 | # define OPENSSL_NO_HEARTBEATS 24 | # define OPENSSL_NO_DYNAMIC_ENGINE 25 | 26 | # define OPENSSL_THREADS 27 |
-------------------------------------------------------------------------------- /src/libressl-2.4.1/include/openssl/opensslv.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: opensslv.h,v 1.34 2016/03/12 21:01:53 bcook Exp $ */ 2 | #ifndef HEADER_OPENSSLV_H 3 | #define HEADER_OPENSSLV_H 4 | 5 | /* These will change with each release of LibreSSL-portable */ 6 | #define LIBRESSL_VERSION_NUMBER 0x2040100fL 7 | #define LIBRESSL_VERSION_TEXT "LibreSSL 2.4.1" 8 | 9 | /* These will never change */ 10 | #define OPENSSL_VERSION_NUMBER 0x20000000L 11 | #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT 12 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT 13 | 14 | #define SHLIB_VERSION_HISTORY "" 15 | #define SHLIB_VERSION_NUMBER "1.0.0" 16 | 17 | #endif /* HEADER_OPENSSLV_H */ 18 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/include/openssl/whrlpool.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: whrlpool.h,v 1.4 2014/06/12 15:49:31 deraadt Exp $ */ 2 | 3 | #include 4 | 5 | #ifndef HEADER_WHRLPOOL_H 6 | #define HEADER_WHRLPOOL_H 7 | 8 | #include 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | 14 | #define WHIRLPOOL_DIGEST_LENGTH (512/8) 15 | #define WHIRLPOOL_BBLOCK 512 16 | #define WHIRLPOOL_COUNTER (256/8) 17 | 18 | typedef struct { 19 | union { 20 | unsigned char c[WHIRLPOOL_DIGEST_LENGTH]; 21 | /* double q is here to ensure 64-bit alignment */ 22 | double q[WHIRLPOOL_DIGEST_LENGTH/sizeof(double)]; 23 | } H; 24 | unsigned char data[WHIRLPOOL_BBLOCK/8]; 25 | unsigned int bitoff; 26 | size_t bitlen[WHIRLPOOL_COUNTER/sizeof(size_t)]; 27 | } WHIRLPOOL_CTX; 28 | 29 | #ifndef OPENSSL_NO_WHIRLPOOL 30 | int WHIRLPOOL_Init (WHIRLPOOL_CTX *c); 31 | int WHIRLPOOL_Update (WHIRLPOOL_CTX *c,const void *inp,size_t bytes); 32 | void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits); 
33 | int WHIRLPOOL_Final (unsigned char *md,WHIRLPOOL_CTX *c); 34 | unsigned char *WHIRLPOOL(const void *inp,size_t bytes,unsigned char *md); 35 | #endif 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/libcrypto.pc.in: -------------------------------------------------------------------------------- 1 | #libcrypto pkg-config source file 2 | 3 | prefix=@prefix@ 4 | exec_prefix=@exec_prefix@ 5 | libdir=@libdir@ 6 | includedir=@includedir@ 7 | 8 | Name: LibreSSL-libssl 9 | Description: Secure Sockets Layer and cryptography libraries 10 | Version: @VERSION@ 11 | Requires: 12 | Conflicts: 13 | Libs: -L${libdir} -lcrypto 14 | Libs.private: @LIBS@ @PLATFORM_LDADD@ 15 | Cflags: -I${includedir} 16 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/libssl.pc.in: -------------------------------------------------------------------------------- 1 | #libssl pkg-config source file 2 | 3 | prefix=@prefix@ 4 | exec_prefix=@exec_prefix@ 5 | libdir=@libdir@ 6 | includedir=@includedir@ 7 | 8 | Name: LibreSSL-libssl 9 | Description: Secure Sockets Layer and cryptography libraries 10 | Version: @VERSION@ 11 | Requires: 12 | Requires.private: libcrypto 13 | Conflicts: 14 | Libs: -L${libdir} -lssl 15 | Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@ 16 | Cflags: -I${includedir} 17 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/libtls.pc.in: -------------------------------------------------------------------------------- 1 | #libtls pkg-config source file 2 | 3 | prefix=@prefix@ 4 | exec_prefix=@exec_prefix@ 5 | libdir=@libdir@ 6 | includedir=@includedir@ 7 | 8 | Name: LibreSSL-libtls 9 | Description: Secure communications using the TLS socket protocol. 
10 | Version: @VERSION@ 11 | Requires: 12 | Requires.private: libcrypto libssl 13 | Conflicts: 14 | Libs: -L${libdir} -ltls 15 | Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@ 16 | Cflags: -I${includedir} 17 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/m4/disable-compiler-warnings.m4: -------------------------------------------------------------------------------- 1 | AC_DEFUN([DISABLE_COMPILER_WARNINGS], [ 2 | # Clang throws a lot of warnings when it does not understand a flag. Disable 3 | # this warning for now so other warnings are visible. 4 | AC_MSG_CHECKING([if compiling with clang]) 5 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[ 6 | #ifndef __clang__ 7 | not clang 8 | #endif 9 | ]])], 10 | [CLANG=yes], 11 | [CLANG=no] 12 | ) 13 | AC_MSG_RESULT([$CLANG]) 14 | AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments]) 15 | CFLAGS="$CFLAGS $CLANG_FLAGS" 16 | LDFLAGS="$LDFLAGS $CLANG_FLAGS" 17 | 18 | # Removing the dependency on -Wno-pointer-sign should be a goal. These are 19 | # largely unsigned char */char* mismatches in asn1 functions. 20 | save_cflags="$CFLAGS" 21 | CFLAGS=-Wno-pointer-sign 22 | AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign]) 23 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 24 | [AC_MSG_RESULT([yes])] 25 | [AM_CFLAGS=-Wno-pointer-sign], 26 | [AC_MSG_RESULT([no])] 27 | ) 28 | CFLAGS="$save_cflags $AM_CFLAGS" 29 | ]) 30 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/m4/ltversion.m4: -------------------------------------------------------------------------------- 1 | # ltversion.m4 -- version numbers -*- Autoconf -*- 2 | # 3 | # Copyright (C) 2004 Free Software Foundation, Inc. 
4 | # Written by Scott James Remnant, 2004 5 | # 6 | # This file is free software; the Free Software Foundation gives 7 | # unlimited permission to copy and/or distribute it, with or without 8 | # modifications, as long as this notice is preserved. 9 | 10 | # @configure_input@ 11 | 12 | # serial 3337 ltversion.m4 13 | # This file is part of GNU Libtool 14 | 15 | m4_define([LT_PACKAGE_VERSION], [2.4.2]) 16 | m4_define([LT_PACKAGE_REVISION], [1.3337]) 17 | 18 | AC_DEFUN([LTVERSION_VERSION], 19 | [macro_version='2.4.2' 20 | macro_revision='1.3337' 21 | _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?]) 22 | _LT_DECL(, macro_revision, 0) 23 | ]) 24 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/ASN1_OBJECT_new.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: September 9 2015 $ 2 | .Dt ASN1_OBJECT_NEW 3 3 | .Os 4 | .Sh NAME 5 | .Nm ASN1_OBJECT_new , 6 | .Nm ASN1_OBJECT_free 7 | .Nd ASN1 object allocation functions 8 | .Sh SYNOPSIS 9 | .In openssl/asn1.h 10 | .Ft ASN1_OBJECT * 11 | .Fo ASN1_OBJECT_new 12 | .Fa void 13 | .Fc 14 | .Ft void 15 | .Fo ASN1_OBJECT_free 16 | .Fa "ASN1_OBJECT *a" 17 | .Fc 18 | .Sh DESCRIPTION 19 | The ASN1_OBJECT allocation routines allocate and free an 20 | .Vt ASN1_OBJECT 21 | structure, which represents an ASN1 OBJECT IDENTIFIER. 22 | .Pp 23 | .Fn ASN1_OBJECT_new 24 | allocates and initializes an 25 | .Vt ASN1_OBJECT 26 | structure. 27 | .Pp 28 | .Fn ASN1_OBJECT_free 29 | frees up the 30 | .Vt ASN1_OBJECT 31 | structure 32 | .Fa a . 33 | .Sh NOTES 34 | Although 35 | .Fn ASN1_OBJECT_new 36 | allocates a new 37 | .Vt ASN1_OBJECT 38 | structure, it is almost never used in applications. 39 | The ASN1 object utility functions such as 40 | .Xr OBJ_nid2obj 3 41 | are used instead. 
42 | .Sh RETURN VALUES 43 | If the allocation fails, 44 | .Fn ASN1_OBJECT_new 45 | returns 46 | .Dv NULL 47 | and sets an error code that can be obtained by 48 | .Xr ERR_get_error 3 . 49 | Otherwise it returns a pointer to the newly allocated structure. 50 | .Sh SEE ALSO 51 | .Xr d2i_ASN1_OBJECT 3 , 52 | .Xr ERR_get_error 3 , 53 | .Xr OBJ_nid2obj 3 54 | .Sh HISTORY 55 | .Fn ASN1_OBJECT_new 56 | and 57 | .Fn ASN1_OBJECT_free 58 | are available in all versions of SSLeay and OpenSSL. 59 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/ASN1_STRING_new.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: July 17 2014 $ 2 | .Dt ASN1_STRING_NEW 3 3 | .Os 4 | .Sh NAME 5 | .Nm ASN1_STRING_new , 6 | .Nm ASN1_STRING_type_new , 7 | .Nm ASN1_STRING_free 8 | .Nd ASN1_STRING allocation functions 9 | .Sh SYNOPSIS 10 | .In openssl/asn1.h 11 | .Ft ASN1_STRING * 12 | .Fo ASN1_STRING_new 13 | .Fa void 14 | .Fc 15 | .Ft ASN1_STRING * 16 | .Fo ASN1_STRING_type_new 17 | .Fa "int type" 18 | .Fc 19 | .Ft void 20 | .Fo ASN1_STRING_free 21 | .Fa "ASN1_STRING *a" 22 | .Fc 23 | .Sh DESCRIPTION 24 | .Fn ASN1_STRING_new 25 | returns an allocated 26 | .Vt ASN1_STRING 27 | structure. 28 | Its type is undefined. 29 | .Pp 30 | .Fn ASN1_STRING_type_new 31 | returns an allocated 32 | .Vt ASN1_STRING 33 | structure of type 34 | .Fa type . 35 | .Pp 36 | .Fn ASN1_STRING_free 37 | frees up 38 | .Fa a . 39 | .Sh NOTES 40 | Other string types call the ASN1_STRING functions. 41 | For example 42 | .Fn ASN1_OCTET_STRING_new 43 | calls 44 | .Fn ASN1_STRING_type_new V_ASN1_OCTET_STRING . 45 | .Sh RETURN VALUES 46 | .Fn ASN1_STRING_new 47 | and 48 | .Fn ASN1_STRING_type_new 49 | return a valid 50 | .Vt ASN1_STRING 51 | structure or 52 | .Dv NULL 53 | if an error occurred. 54 | .Pp 55 | .Fn ASN1_STRING_free 56 | does not return a value.
57 | .Sh SEE ALSO 58 | .Xr ERR_get_error 3 59 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/BIO_f_null.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: July 17 2014 $ 2 | .Dt BIO_F_NULL 3 3 | .Os 4 | .Sh NAME 5 | .Nm BIO_f_null 6 | .Nd null filter 7 | .Sh SYNOPSIS 8 | .In openssl/bio.h 9 | .Ft BIO_METHOD * 10 | .Fo BIO_f_null 11 | .Fa void 12 | .Fc 13 | .Sh DESCRIPTION 14 | .Fn BIO_f_null 15 | returns the null filter BIO method. 16 | This is a filter BIO that does nothing. 17 | .Pp 18 | All requests to a null filter BIO are passed through to the next BIO 19 | in the chain: this means that a BIO chain containing a null filter BIO 20 | behaves just as though the BIO was not there. 21 | .Sh NOTES 22 | As may be apparent, a null filter BIO is not particularly useful. 23 | .Sh RETURN VALUES 24 | .Fn BIO_f_null 25 | returns the null filter BIO method. 26 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/BIO_s_null.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: July 17 2014 $ 2 | .Dt BIO_S_NULL 3 3 | .Os 4 | .Sh NAME 5 | .Nm BIO_s_null 6 | .Nd null data sink 7 | .Sh SYNOPSIS 8 | .In openssl/bio.h 9 | .Ft BIO_METHOD * 10 | .Fo BIO_s_null 11 | .Fa void 12 | .Fc 13 | .Sh DESCRIPTION 14 | .Fn BIO_s_null 15 | returns the null sink BIO method. 16 | Data written to the null sink is discarded, reads return EOF. 17 | .Sh NOTES 18 | A null sink BIO behaves in a similar manner to the 19 | .Xr null 4 20 | device. 21 | .Pp 22 | A null bio can be placed on the end of a chain to discard any data 23 | passed through it. 24 | .Pp 25 | A null sink is useful if, for example, an application wishes 26 | to digest some data by writing through a digest bio 27 | but not send the digested data anywhere. 
28 | Since a BIO chain must normally include a source/sink BIO, 29 | this can be achieved by adding a null sink BIO to the end of the chain. 30 | .Sh RETURN VALUES 31 | .Fn BIO_s_null 32 | returns the null sink BIO method. 33 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/BN_copy.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: April 03 2000 $ 2 | .Dt BN_COPY 3 3 | .Os 4 | .Sh NAME 5 | .Nm BN_copy , 6 | .Nm BN_dup 7 | .Nd copy BIGNUMs 8 | .Sh SYNOPSIS 9 | .In openssl/bn.h 10 | .Ft BIGNUM * 11 | .Fo BN_copy 12 | .Fa "BIGNUM *to" 13 | .Fa "const BIGNUM *from" 14 | .Fc 15 | .Ft BIGNUM * 16 | .Fo BN_dup 17 | .Fa "const BIGNUM *from" 18 | .Fc 19 | .Sh DESCRIPTION 20 | .Fn BN_copy 21 | copies 22 | .Fa from 23 | to 24 | .Fa to . 25 | .Fn BN_dup 26 | creates a new 27 | .Vt BIGNUM 28 | containing the value 29 | .Fa from . 30 | .Sh RETURN VALUES 31 | .Fn BN_copy 32 | returns 33 | .Fa to 34 | on success, 35 | .Dv NULL 36 | on error. 37 | .Fn BN_dup 38 | returns the new 39 | .Vt BIGNUM , 40 | or 41 | .Dv NULL 42 | on error. 43 | The error codes can be obtained by 44 | .Xr ERR_get_error 3 . 45 | .Sh SEE ALSO 46 | .Xr bn 3 , 47 | .Xr ERR_get_error 3 48 | .Sh HISTORY 49 | .Fn BN_copy 50 | and 51 | .Fn BN_dup 52 | are available in all versions of SSLeay and OpenSSL. 
53 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/BN_mod_inverse.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: June 16 2014 $ 2 | .Dt BN_MOD_INVERSE 3 3 | .Os 4 | .Sh NAME 5 | .Nm BN_mod_inverse 6 | .Nd compute inverse modulo n 7 | .Sh SYNOPSIS 8 | .In openssl/bn.h 9 | .Ft BIGNUM * 10 | .Fo BN_mod_inverse 11 | .Fa "BIGNUM *r" 12 | .Fa "BIGNUM *a" 13 | .Fa "const BIGNUM *n" 14 | .Fa "BN_CTX *ctx" 15 | .Fc 16 | .Sh DESCRIPTION 17 | .Fn BN_mod_inverse 18 | computes the inverse of 19 | .Fa a 20 | modulo 21 | .Fa n 22 | and places the result in 23 | .Fa r 24 | .Pq Li (a*r)%n==1 . 25 | If 26 | .Fa r 27 | is 28 | .Dv NULL , 29 | a new 30 | .Vt BIGNUM 31 | is created. 32 | .Pp 33 | .Fa ctx 34 | is a previously allocated 35 | .Vt BN_CTX 36 | used for temporary variables. 37 | .Fa r 38 | may be the same 39 | .Vt BIGNUM 40 | as 41 | .Fa a 42 | or 43 | .Fa n . 44 | .Sh RETURN VALUES 45 | .Fn BN_mod_inverse 46 | returns the 47 | .Vt BIGNUM 48 | containing the inverse, or 49 | .Dv NULL 50 | on error. 51 | The error codes can be obtained by 52 | .Xr ERR_get_error 3 . 53 | .Sh SEE ALSO 54 | .Xr bn 3 , 55 | .Xr BN_add 3 , 56 | .Xr ERR_get_error 3 57 | .Sh HISTORY 58 | .Fn BN_mod_inverse 59 | is available in all versions of SSLeay and OpenSSL. 60 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/BN_swap.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: June 16 2014 $ 2 | .Dt BN_SWAP 3 3 | .Os 4 | .Sh NAME 5 | .Nm BN_swap 6 | .Nd exchange BIGNUMs 7 | .Sh SYNOPSIS 8 | .In openssl/bn.h 9 | .Ft void 10 | .Fo BN_swap 11 | .Fa "BIGNUM *a" 12 | .Fa "BIGNUM *b" 13 | .Fc 14 | .Sh DESCRIPTION 15 | .Fn BN_swap 16 | exchanges the values of 17 | .Fa a 18 | and 19 | .Fa b . 20 | .Sh SEE ALSO 21 | .Xr bn 3 22 | .Sh HISTORY 23 | BN_swap was added in OpenSSL 0.9.7. 
24 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/CMS_final.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: March 21 2015 $ 2 | .Dt CMS_FINAL 3 3 | .Os 4 | .Sh NAME 5 | .Nm CMS_final 6 | .Nd finalise a CMS_ContentInfo structure 7 | .Sh SYNOPSIS 8 | .In openssl/cms.h 9 | .Ft int 10 | .Fo CMS_final 11 | .Fa "CMS_ContentInfo *cms" 12 | .Fa "BIO *data" 13 | .Fa "BIO *dcont" 14 | .Fa "unsigned int flags" 15 | .Fc 16 | .Sh DESCRIPTION 17 | .Fn CMS_final 18 | finalises the structure 19 | .Fa cms . 20 | Its purpose is to perform any operations necessary on 21 | .Fa cms 22 | (digest computation for example) and set the appropriate fields. 23 | The parameter 24 | .Fa data 25 | contains the content to be processed. 26 | The 27 | .Fa dcont 28 | parameter contains a 29 | .Vt BIO 30 | to write content to after processing: this is 31 | only used with detached data and will usually be set to 32 | .Dv NULL . 33 | .Sh NOTES 34 | This function will normally be called when the 35 | .Dv CMS_PARTIAL 36 | flag is used. 37 | It should only be used when streaming is not performed because the 38 | streaming I/O functions perform finalisation operations internally. 39 | .Sh RETURN VALUES 40 | .Fn CMS_final 41 | returns 1 for success or 0 for failure. 42 | .Sh SEE ALSO 43 | .Xr CMS_encrypt 3 , 44 | .Xr CMS_sign 3 , 45 | .Xr ERR_get_error 3 46 | .Sh HISTORY 47 | .Fn CMS_final 48 | was added to OpenSSL 0.9.8. 
49 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/CMS_verify_receipt.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: March 21 2015 $ 2 | .Dt CMS_VERIFY_RECEIPT 3 3 | .Os 4 | .Sh NAME 5 | .Nm CMS_verify_receipt 6 | .Nd verify a CMS signed receipt 7 | .Sh SYNOPSIS 8 | .In openssl/cms.h 9 | .Ft int 10 | .Fo CMS_verify_receipt 11 | .Fa "CMS_ContentInfo *rcms" 12 | .Fa "CMS_ContentInfo *ocms" 13 | .Fa "STACK_OF(X509) *certs" 14 | .Fa "X509_STORE *store" 15 | .Fa "unsigned int flags" 16 | .Fc 17 | .Sh DESCRIPTION 18 | .Fn CMS_verify_receipt 19 | verifies a CMS signed receipt. 20 | .Fa rcms 21 | is the signed receipt to verify. 22 | .Fa ocms 23 | is the original SignedData structure containing the receipt request. 24 | .Fa certs 25 | is a set of certificates in which to search for the signing certificate. 26 | .Fa store 27 | is a trusted certificate store (used for chain verification). 28 | .Pp 29 | .Fa flags 30 | is an optional set of flags, which can be used to modify the verify 31 | operation. 32 | .Sh NOTES 33 | This function behaves in a similar way to 34 | .Xr CMS_verify 3 35 | except the flag values 36 | .Dv CMS_DETACHED , 37 | .Dv CMS_BINARY , 38 | .Dv CMS_TEXT , 39 | and 40 | .Dv CMS_STREAM 41 | are not supported since they do not make sense in the context of signed 42 | receipts. 43 | .Sh RETURN VALUES 44 | .Fn CMS_verify_receipt 45 | returns 1 for a successful verification and zero if an error occurred. 46 | .Pp 47 | The error can be obtained from 48 | .Xr ERR_get_error 3 . 49 | .Sh SEE ALSO 50 | .Xr CMS_sign_receipt 3 , 51 | .Xr CMS_verify 3 , 52 | .Xr ERR_get_error 3 53 | .Sh HISTORY 54 | .Fn CMS_verify_receipt 55 | was added to OpenSSL 0.9.8. 
56 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | install(DIRECTORY . 2 | DESTINATION share/man/man3 3 | FILES_MATCHING PATTERN "*.3" 4 | ) 5 | 6 | install(DIRECTORY . 7 | DESTINATION share/man/man1 8 | FILES_MATCHING PATTERN "*.1" 9 | ) 10 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/CONF_modules_free.3: -------------------------------------------------------------------------------- 1 | .Dd $Mdocdate: March 21 2015 $ 2 | .Dt CONF_MODULES_FREE 3 3 | .Os 4 | .Sh NAME 5 | .Nm CONF_modules_free , 6 | .Nm CONF_modules_finish , 7 | .Nm CONF_modules_unload 8 | .Nd OpenSSL configuration cleanup functions 9 | .Sh SYNOPSIS 10 | .In openssl/conf.h 11 | .Ft void 12 | .Fo CONF_modules_free 13 | .Fa void 14 | .Fc 15 | .Ft void 16 | .Fo CONF_modules_finish 17 | .Fa void 18 | .Fc 19 | .Ft void 20 | .Fo CONF_modules_unload 21 | .Fa "int all" 22 | .Fc 23 | .Sh DESCRIPTION 24 | .Fn CONF_modules_free 25 | closes down and frees up all memory allocated by all configuration 26 | modules. 27 | .Pp 28 | .Fn CONF_modules_finish 29 | calls the configuration 30 | .Sy finish 31 | handler of each configuration module to free up any configuration 32 | that module may have performed. 33 | .Pp 34 | .Fn CONF_modules_unload 35 | finishes and unloads configuration modules. 36 | If 37 | .Fa all 38 | is set to 0, only modules loaded from DSOs will be unloaded. 39 | If 40 | .Fa all 41 | is 1, all modules, including builtin modules, will be unloaded. 42 | .Sh NOTES 43 | Normally applications will only call 44 | .Fn CONF_modules_free 45 | at application exit to tidy up any configuration performed. 46 | .Sh RETURN VALUE 47 | None of the functions return a value. 
48 | .Sh SEE ALSO 49 | .Xr CONF_modules_load_file 3 , 50 | .Xr OPENSSL_config 3 51 | .Sh HISTORY 52 | .Fn CONF_modules_free , 53 | .Fn CONF_modules_unload , 54 | and 55 | .Fn CONF_modules_finish 56 | first appeared in OpenSSL 0.9.7. 57 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_CTX_add_extra_chain_cert.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_CTX_add_extra_chain_cert 9 | .Nd add certificate to chain 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft long 13 | .Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509" 14 | .Sh DESCRIPTION 15 | .Fn SSL_CTX_add_extra_chain_cert 16 | adds the certificate 17 | .Fa x509 18 | to the certificate chain presented together with the certificate. 19 | Several certificates can be added one after the other. 20 | .Sh NOTES 21 | When constructing the certificate chain, the chain will be formed from 22 | these certificates explicitly specified. 23 | If no chain is specified, the library will try to complete the chain from the 24 | available CA certificates in the trusted CA storage, see 25 | .Xr SSL_CTX_load_verify_locations 3 . 26 | .Pp 27 | The x509 certificate provided to 28 | .Fn SSL_CTX_add_extra_chain_cert 29 | will be freed by the library when the 30 | .Vt SSL_CTX 31 | is destroyed. 32 | An application 33 | .Em should not 34 | free the 35 | .Fa x509 36 | object. 37 | .Sh RETURN VALUES 38 | .Fn SSL_CTX_add_extra_chain_cert 39 | returns 1 on success. 40 | Check out the error stack to find out the reason for failure otherwise. 
41 | .Sh SEE ALSO 42 | .Xr ssl 3 , 43 | .Xr SSL_CTX_load_verify_locations 3 , 44 | .Xr SSL_CTX_set_client_cert_cb 3 , 45 | .Xr SSL_CTX_use_certificate 3 46 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_CTX_ctrl.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_CTX_CTRL 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_CTX_ctrl , 9 | .Nm SSL_CTX_callback_ctrl , 10 | .Nm SSL_ctrl , 11 | .Nm SSL_callback_ctrl 12 | .Nd internal handling functions for SSL_CTX and SSL objects 13 | .Sh SYNOPSIS 14 | .In openssl/ssl.h 15 | .Ft long 16 | .Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg" 17 | .Ft long 18 | .Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()" 19 | .Ft long 20 | .Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg" 21 | .Ft long 22 | .Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()" 23 | .Sh DESCRIPTION 24 | The 25 | .Fn SSL_*_ctrl 26 | family of functions is used to manipulate settings of 27 | the 28 | .Vt SSL_CTX 29 | and 30 | .Vt SSL 31 | objects. 32 | Depending on the command 33 | .Fa cmd 34 | the arguments 35 | .Fa larg , 36 | .Fa parg , 37 | or 38 | .Fa fp 39 | are evaluated. 40 | These functions should never be called directly. 41 | All functionalities needed are made available via other functions or macros. 42 | .Sh RETURN VALUES 43 | The return values of the 44 | .Fn SSL*_ctrl 45 | functions depend on the command supplied via the 46 | .Fa cmd 47 | parameter. 
48 | .Sh SEE ALSO 49 | .Xr ssl 3 50 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_CTX_free.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD: SSL_CTX_free.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ 3 | .\" 4 | .Dd $Mdocdate: December 2 2014 $ 5 | .Dt SSL_CTX_FREE 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_CTX_free 9 | .Nd free an allocated SSL_CTX object 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft void 13 | .Fn SSL_CTX_free "SSL_CTX *ctx" 14 | .Sh DESCRIPTION 15 | .Fn SSL_CTX_free 16 | decrements the reference count of 17 | .Fa ctx , 18 | and removes the 19 | .Vt SSL_CTX 20 | object pointed to by 21 | .Fa ctx 22 | and frees up the allocated memory if the reference count has reached 0. 23 | If 24 | .Fa ctx 25 | is a 26 | .Dv NULL 27 | pointer, no action occurs. 28 | .Pp 29 | It also calls the 30 | .Xr free 3 Ns ing 31 | procedures for indirectly affected items, if applicable: 32 | the session cache, the list of ciphers, the list of Client CAs, 33 | the certificates and keys. 34 | .Sh WARNINGS 35 | If a session-remove callback is set 36 | .Pq Xr SSL_CTX_sess_set_remove_cb 3 , 37 | this callback will be called for each session being freed from 38 | .Fa ctx Ns 's 39 | session cache. 40 | This implies that all corresponding sessions from an external session cache are 41 | removed as well. 42 | If this is not desired, the user should explicitly unset the callback by 43 | calling 44 | .Fn SSL_CTX_sess_set_remove_cb ctx NULL 45 | prior to calling 46 | .Fn SSL_CTX_free . 47 | .Sh RETURN VALUES 48 | .Fn SSL_CTX_free 49 | does not provide diagnostic information. 
50 | .Sh SEE ALSO 51 | .Xr ssl 3 , 52 | .Xr SSL_CTX_new 3 , 53 | .Xr SSL_CTX_sess_set_get_cb 3 54 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_CTX_sessions.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD: SSL_CTX_sessions.3,v 1.2 2014/12/02 14:11:01 jmc Exp $ 3 | .\" 4 | .Dd $Mdocdate: December 2 2014 $ 5 | .Dt SSL_CTX_SESSIONS 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_CTX_sessions 9 | .Nd access internal session cache 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft struct lhash_st * 13 | .Fn SSL_CTX_sessions "SSL_CTX *ctx" 14 | .Sh DESCRIPTION 15 | .Fn SSL_CTX_sessions 16 | returns a pointer to the lhash databases containing the internal session cache 17 | for 18 | .Fa ctx . 19 | .Sh NOTES 20 | The sessions in the internal session cache are kept in an 21 | lhash-type database 22 | (see 23 | .Xr lh_new 3 ) . 24 | It is possible to directly access this database, e.g., for searching. 25 | In parallel, 26 | the sessions form a linked list which is maintained separately from the 27 | lhash operations, 28 | so that the database must not be modified directly but by using the 29 | .Xr SSL_CTX_add_session 3 30 | family of functions. 
31 | .Sh SEE ALSO 32 | .Xr lh_new 3 , 33 | .Xr ssl 3 , 34 | .Xr SSL_CTX_add_session 3 , 35 | .Xr SSL_CTX_set_session_cache_mode 3 36 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_SSL_CTX.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_SSL_CTX 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_SSL_CTX 9 | .Nd get the SSL_CTX from which an SSL is created 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft SSL_CTX * 13 | .Fn SSL_get_SSL_CTX "const SSL *ssl" 14 | .Sh DESCRIPTION 15 | .Fn SSL_get_SSL_CTX 16 | returns a pointer to the 17 | .Vt SSL_CTX 18 | object from which 19 | .Fa ssl 20 | was created with 21 | .Xr SSL_new 3 . 22 | .Sh RETURN VALUES 23 | The pointer to the 24 | .Vt SSL_CTX 25 | object is returned. 26 | .Sh SEE ALSO 27 | .Xr ssl 3 , 28 | .Xr SSL_new 3 29 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_ciphers.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_CIPHERS 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_ciphers , 9 | .Nm SSL_get_cipher_list 10 | .Nd get list of available SSL_CIPHERs 11 | .Sh SYNOPSIS 12 | .In openssl/ssl.h 13 | .Ft STACK_OF(SSL_CIPHER) * 14 | .Fn SSL_get_ciphers "const SSL *ssl" 15 | .Ft const char * 16 | .Fn SSL_get_cipher_list "const SSL *ssl" "int priority" 17 | .Sh DESCRIPTION 18 | .Fn SSL_get_ciphers 19 | returns the stack of available 20 | .Vt SSL_CIPHER Ns s 21 | for 22 | .Fa ssl , 23 | sorted by preference. 24 | If 25 | .Fa ssl 26 | is 27 | .Dv NULL 28 | or no ciphers are available, 29 | .Dv NULL 30 | is returned. 
31 | .Pp 32 | .Fn SSL_get_cipher_list 33 | returns a pointer to the name of the 34 | .Vt SSL_CIPHER 35 | listed for 36 | .Fa ssl 37 | with 38 | .Fa priority . 39 | If 40 | .Fa ssl 41 | is 42 | .Dv NULL , 43 | no ciphers are available, or there are fewer ciphers than 44 | .Fa priority 45 | available, 46 | .Dv NULL 47 | is returned. 48 | .Sh NOTES 49 | The details of the ciphers obtained by 50 | .Fn SSL_get_ciphers 51 | can be obtained using the 52 | .Xr SSL_CIPHER_get_name 3 53 | family of functions. 54 | .Pp 55 | Call 56 | .Fn SSL_get_cipher_list 57 | with 58 | .Fa priority 59 | starting from 0 to obtain the sorted list of available ciphers, until 60 | .Dv NULL 61 | is returned. 62 | .Sh RETURN VALUES 63 | See 64 | .Sx DESCRIPTION . 65 | .Sh SEE ALSO 66 | .Xr ssl 3 , 67 | .Xr SSL_CIPHER_get_name 3 , 68 | .Xr SSL_CTX_set_cipher_list 3 69 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_default_timeout.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_DEFAULT_TIMEOUT 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_default_timeout 9 | .Nd get default session timeout value 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft long 13 | .Fn SSL_get_default_timeout "const SSL *ssl" 14 | .Sh DESCRIPTION 15 | .Fn SSL_get_default_timeout 16 | returns the default timeout value assigned to 17 | .Vt SSL_SESSION 18 | objects negotiated for the protocol valid for 19 | .Fa ssl . 20 | .Sh NOTES 21 | Whenever a new session is negotiated, it is assigned a timeout value, 22 | after which it will not be accepted for session reuse. 23 | If the timeout value was not explicitly set using 24 | .Xr SSL_CTX_set_timeout 3 , 25 | the hardcoded default timeout for the protocol will be used. 
26 | .Pp 27 | .Fn SSL_get_default_timeout 28 | returns this hardcoded value, which is 300 seconds for all currently supported 29 | protocols (SSLv2, SSLv3, and TLSv1). 30 | .Sh RETURN VALUES 31 | See description. 32 | .Sh SEE ALSO 33 | .Xr ssl 3 , 34 | .Xr SSL_CTX_flush_sessions 3 , 35 | .Xr SSL_CTX_set_session_cache_mode 3 , 36 | .Xr SSL_SESSION_get_time 3 37 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_fd.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_FD 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_fd , 9 | .Nm SSL_get_rfd , 10 | .Nm SSL_get_wfd 11 | .Nd get file descriptor linked to an SSL object 12 | .Sh SYNOPSIS 13 | .In openssl/ssl.h 14 | .Ft int 15 | .Fn SSL_get_fd "const SSL *ssl" 16 | .Ft int 17 | .Fn SSL_get_rfd "const SSL *ssl" 18 | .Ft int 19 | .Fn SSL_get_wfd "const SSL *ssl" 20 | .Sh DESCRIPTION 21 | .Fn SSL_get_fd 22 | returns the file descriptor which is linked to 23 | .Fa ssl . 24 | .Fn SSL_get_rfd 25 | and 26 | .Fn SSL_get_wfd 27 | return the file descriptors for the read or the write channel, 28 | which can be different. 29 | If the read and the write channel are different, 30 | .Fn SSL_get_fd 31 | will return the file descriptor of the read channel. 32 | .Sh RETURN VALUES 33 | The following return values can occur: 34 | .Bl -tag -width Ds 35 | .It \(mi1 36 | The operation failed, because the underlying 37 | .Vt BIO 38 | is not of the correct type (suitable for file descriptors). 39 | .It \(>=0 40 | The file descriptor linked to 41 | .Fa ssl . 
42 | .El 43 | .Sh SEE ALSO 44 | .Xr bio 3 , 45 | .Xr ssl 3 , 46 | .Xr SSL_set_fd 3 47 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_psk_identity.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_PSK_IDENTITY 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_psk_identity , 9 | .Nm SSL_get_psk_identity_hint 10 | .Nd get PSK client identity and hint 11 | .Sh SYNOPSIS 12 | .In openssl/ssl.h 13 | .Ft const char * 14 | .Fn SSL_get_psk_identity_hint "const SSL *ssl" 15 | .Ft const char * 16 | .Fn SSL_get_psk_identity "const SSL *ssl" 17 | .Sh DESCRIPTION 18 | .Fn SSL_get_psk_identity_hint 19 | is used to retrieve the PSK identity hint used during the connection setup 20 | related to 21 | .Vt SSL 22 | object 23 | .Fa ssl . 24 | Similarly, 25 | .Fn SSL_get_psk_identity 26 | is used to retrieve the PSK identity used during the connection setup. 27 | .Sh RETURN VALUES 28 | If 29 | .Pf non- Dv NULL , 30 | .Fn SSL_get_psk_identity_hint 31 | returns the PSK identity hint and 32 | .Fn SSL_get_psk_identity 33 | returns the PSK identity. 34 | Both are 35 | NUL-terminated. 36 | .Fn SSL_get_psk_identity_hint 37 | may return 38 | .Dv NULL 39 | if no PSK identity hint was used during the connection setup. 40 | .Pp 41 | Note that the return value is valid only during the lifetime of the 42 | .Vt SSL 43 | object 44 | .Fa ssl . 
45 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_rbio.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_RBIO 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_rbio , 9 | .Nm SSL_get_wbio 10 | .Nd get BIO linked to an SSL object 11 | .Sh SYNOPSIS 12 | .In openssl/ssl.h 13 | .Ft BIO * 14 | .Fn SSL_get_rbio "SSL *ssl" 15 | .Ft BIO * 16 | .Fn SSL_get_wbio "SSL *ssl" 17 | .Sh DESCRIPTION 18 | .Fn SSL_get_rbio 19 | and 20 | .Fn SSL_get_wbio 21 | return pointers to the 22 | .Vt BIO Ns s 23 | for the read or the write channel, which can be different. 24 | The reference count of the 25 | .Vt BIO 26 | is not incremented. 27 | .Sh RETURN VALUES 28 | The following return values can occur: 29 | .Bl -tag -width Ds 30 | .It Dv NULL 31 | No 32 | .Vt BIO 33 | was connected to the 34 | .Vt SSL 35 | object. 36 | .It Any other pointer 37 | The 38 | .Vt BIO 39 | linked to 40 | .Fa ssl . 41 | .El 42 | .Sh SEE ALSO 43 | .Xr bio 3 , 44 | .Xr ssl 3 , 45 | .Xr SSL_set_bio 3 46 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_get_version.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_GET_VERSION 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_get_version 9 | .Nd get the protocol version of a connection 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft const char * 13 | .Fn SSL_get_version "const SSL *ssl" 14 | .Sh DESCRIPTION 15 | .Fn SSL_get_version 16 | returns the name of the protocol used for the connection 17 | .Fa ssl . 18 | .Sh RETURN VALUES 19 | The following strings can be returned: 20 | .Bl -tag -width Ds 21 | .It Qq SSLv2 22 | The connection uses the SSLv2 protocol. 23 | .It Qq SSLv3 24 | The connection uses the SSLv3 protocol. 
25 | .It Qq TLSv1 26 | The connection uses the TLSv1.0 protocol. 27 | .It Qq TLSv1.1 28 | The connection uses the TLSv1.1 protocol. 29 | .It Qq TLSv1.2 30 | The connection uses the TLSv1.2 protocol. 31 | .It Qq unknown 32 | This indicates that no version has been set (no connection established). 33 | .El 34 | .Sh SEE ALSO 35 | .Xr ssl 3 36 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_new.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_NEW 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_new 9 | .Nd create a new SSL structure for a connection 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft SSL * 13 | .Fn SSL_new "SSL_CTX *ctx" 14 | .Sh DESCRIPTION 15 | .Fn SSL_new 16 | creates a new 17 | .Vt SSL 18 | structure which is needed to hold the data for a TLS/SSL connection. 19 | The new structure inherits the settings of the underlying context 20 | .Fa ctx : 21 | connection method (SSLv2/v3/TLSv1), options, verification settings, 22 | timeout settings. 23 | .Sh RETURN VALUES 24 | The following return values can occur: 25 | .Bl -tag -width Ds 26 | .It Dv NULL 27 | The creation of a new 28 | .Vt SSL 29 | structure failed. 30 | Check the error stack to find out the reason. 31 | .It Pointer to an Vt SSL No structure 32 | The return value points to an allocated 33 | .Vt SSL 34 | structure. 
35 | .El 36 | .Sh SEE ALSO 37 | .Xr ssl 3 , 38 | .Xr SSL_clear 3 , 39 | .Xr SSL_CTX_set_options 3 , 40 | .Xr SSL_free 3 , 41 | .Xr SSL_get_SSL_CTX 3 42 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_pending.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_PENDING 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_pending 9 | .Nd obtain number of readable bytes buffered in an SSL object 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft int 13 | .Fn SSL_pending "const SSL *ssl" 14 | .Sh DESCRIPTION 15 | .Fn SSL_pending 16 | returns the number of bytes which are available inside 17 | .Fa ssl 18 | for immediate read. 19 | .Sh NOTES 20 | Data are received in blocks from the peer. 21 | Therefore data can be buffered inside 22 | .Fa ssl 23 | and are ready for immediate retrieval with 24 | .Xr SSL_read 3 . 25 | .Sh RETURN VALUES 26 | The number of bytes pending is returned. 27 | .Sh SEE ALSO 28 | .Xr ssl 3 , 29 | .Xr SSL_read 3 30 | .Sh BUGS 31 | .Fn SSL_pending 32 | takes into account only bytes from the TLS/SSL record that is currently being 33 | processed (if any). 34 | If the 35 | .Vt SSL 36 | object's 37 | .Em read_ahead 38 | flag is set, additional protocol bytes may have been read containing more 39 | TLS/SSL records; these are ignored by 40 | .Fn SSL_pending . 41 | .Pp 42 | Up to OpenSSL 0.9.6, 43 | .Fn SSL_pending 44 | does not check if the record type of pending data is application data. 
45 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_session_reused.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_SESSION_REUSED 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_session_reused 9 | .Nd query whether a reused session was negotiated during handshake 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft int 13 | .Fn SSL_session_reused "SSL *ssl" 14 | .Sh DESCRIPTION 15 | Query whether a reused session was negotiated during the handshake. 16 | .Sh NOTES 17 | During the negotiation, a client can propose to reuse a session. 18 | The server then looks up the session in its cache. 19 | If both client and server agree on the session, 20 | it will be reused and a flag is set that can be queried by the application. 21 | .Sh RETURN VALUES 22 | The following return values can occur: 23 | .Bl -tag -width Ds 24 | .It 0 25 | A new session was negotiated. 26 | .It 1 27 | A session was reused. 28 | .El 29 | .Sh SEE ALSO 30 | .Xr ssl 3 , 31 | .Xr SSL_CTX_set_session_cache_mode 3 , 32 | .Xr SSL_set_session 3 33 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_set_bio.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_SET_BIO 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_set_bio 9 | .Nd connect the SSL object with a BIO 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft void 13 | .Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio" 14 | .Sh DESCRIPTION 15 | .Fn SSL_set_bio 16 | connects the 17 | .Vt BIO Ns 18 | s 19 | .Fa rbio 20 | and 21 | .Fa wbio 22 | for the read and write operations of the TLS/SSL (encrypted) side of 23 | .Fa ssl . 24 | .Pp 25 | The SSL engine inherits the behaviour of 26 | .Fa rbio 27 | and 28 | .Fa wbio , 29 | respectively. 
30 | If a 31 | .Vt BIO 32 | is non-blocking, the 33 | .Fa ssl 34 | will also have non-blocking behaviour. 35 | .Pp 36 | If there was already a 37 | .Vt BIO 38 | connected to 39 | .Fa ssl , 40 | .Xr BIO_free 3 41 | will be called (for both the reading and writing side, if different). 42 | .Sh RETURN VALUES 43 | .Fn SSL_set_bio 44 | cannot fail. 45 | .Sh SEE ALSO 46 | .Xr bio 3 , 47 | .Xr ssl 3 , 48 | .Xr SSL_accept 3 , 49 | .Xr SSL_connect 3 , 50 | .Xr SSL_get_rbio 3 , 51 | .Xr SSL_shutdown 3 52 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/man/SSL_set_verify_result.3: -------------------------------------------------------------------------------- 1 | .\" 2 | .\" $OpenBSD$ 3 | .\" 4 | .Dd $Mdocdate: October 12 2014 $ 5 | .Dt SSL_SET_VERIFY_RESULT 3 6 | .Os 7 | .Sh NAME 8 | .Nm SSL_set_verify_result 9 | .Nd override result of peer certificate verification 10 | .Sh SYNOPSIS 11 | .In openssl/ssl.h 12 | .Ft void 13 | .Fn SSL_set_verify_result "SSL *ssl" "long verify_result" 14 | .Sh DESCRIPTION 15 | .Fn SSL_set_verify_result 16 | sets 17 | .Fa verify_result 18 | of the object 19 | .Fa ssl 20 | to be the result of the verification of the X509 certificate presented by the 21 | peer, if any. 22 | .Sh NOTES 23 | .Fn SSL_set_verify_result 24 | overrides the verification result. 25 | It only changes the verification result of the 26 | .Fa ssl 27 | object. 28 | It does not become part of the established session, so if the session is to be 29 | reused later, the original value will reappear. 30 | .Pp 31 | The valid codes for 32 | .Fa verify_result 33 | are documented in 34 | .Xr openssl 1 . 35 | .Sh RETURN VALUES 36 | .Fn SSL_set_verify_result 37 | does not provide a return value. 
38 | .Sh SEE ALSO 39 | .Xr openssl 1 , 40 | .Xr ssl 3 , 41 | .Xr SSL_get_peer_certificate 3 , 42 | .Xr SSL_get_verify_result 3 43 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/openssl.pc.in: -------------------------------------------------------------------------------- 1 | #openssl pkg-config source file 2 | 3 | prefix=@prefix@ 4 | exec_prefix=@exec_prefix@ 5 | libdir=@libdir@ 6 | includedir=@includedir@ 7 | 8 | Name: LibreSSL 9 | Description: Secure Sockets Layer and cryptography libraries and tools 10 | Version: @VERSION@ 11 | Requires: libssl libcrypto 12 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/scripts/travis: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | ./autogen.sh 5 | 6 | if [ "x$ARCH" = "xnative" ]; then 7 | # test autotools 8 | ./configure 9 | make -j 4 distcheck 10 | 11 | # make distribution 12 | make dist 13 | tar zxvf libressl-*.tar.gz 14 | cd libressl-* 15 | mkdir build 16 | cd build 17 | 18 | # test cmake and ninja 19 | if [ `uname` = "Darwin" ]; then 20 | cmake .. 21 | make 22 | make test 23 | else 24 | sudo apt-get update 25 | sudo apt-get install -y python-software-properties 26 | sudo apt-add-repository -y ppa:kalakris/cmake 27 | sudo apt-get update 28 | sudo apt-get install -y cmake ninja-build 29 | cmake -GNinja .. 
30 | ninja 31 | ninja test 32 | fi 33 | else 34 | CPU=i686 35 | if [ "x$ARCH" = "xmingw64" ]; then 36 | CPU=x86_64 37 | fi 38 | export CC=$CPU-w64-mingw32-gcc 39 | 40 | if [ -z $(which $CC) ]; then 41 | # Update Ubuntu 12.04 with current mingw toolchain 42 | sudo apt-get update 43 | sudo apt-get install -y python-software-properties 44 | sudo apt-add-repository -y ppa:tobydox/mingw-x-precise 45 | sudo apt-get update 46 | sudo apt-get install -y $ARCH-x-gcc make 47 | export PATH=$PATH:/opt/$ARCH/bin 48 | fi 49 | 50 | ./configure --host=$CPU-w64-mingw32 51 | make -j 52 | fi 53 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/scripts/wrap-compiler-for-flag-check: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This file is in the public domain. 4 | # https://github.com/kmcallister/autoharden/blob/c5c7842f39c2f8d19836bb5427d6479db4436d62/LICENSE 5 | # 6 | # From kmcallister: 7 | # https://github.com/kmcallister/autoharden/blob/efaf5a16612589808c276a11536ea9a47071f74b/scripts/wrap-compiler-for-flag-check 8 | 9 | # Prior to clang v5.1, there was no way to make 10 | # clang's "argument unused" warning fatal. This 11 | # wrapper script that greps for this warning message. Newer clang's have no issues. 12 | # 13 | # Ideally the search string would also include 'clang: ' but this output might 14 | # depend on clang's argv[0]. 15 | # 16 | set -o errexit 17 | set -o nounset 18 | 19 | if out=`"$@" 2>&1`; then 20 | echo "$out" 21 | if echo "$out" | grep 'warning: argument unused' >/dev/null; then 22 | echo "$0: found clang warning" 23 | exit 1 24 | else 25 | exit 0 26 | fi 27 | else 28 | code=$? 29 | echo "$out" 30 | exit $code 31 | fi 32 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/ssl/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories( 2 | . 
3 | ../include 4 | ../include/compat 5 | ) 6 | 7 | set( 8 | SSL_SRC 9 | bio_ssl.c 10 | bs_ber.c 11 | bs_cbb.c 12 | bs_cbs.c 13 | d1_both.c 14 | d1_clnt.c 15 | d1_enc.c 16 | d1_lib.c 17 | d1_meth.c 18 | d1_pkt.c 19 | d1_srtp.c 20 | d1_srvr.c 21 | pqueue.c 22 | s23_clnt.c 23 | s23_lib.c 24 | s23_pkt.c 25 | s23_srvr.c 26 | s3_both.c 27 | s3_cbc.c 28 | s3_clnt.c 29 | s3_lib.c 30 | s3_pkt.c 31 | s3_srvr.c 32 | ssl_algs.c 33 | ssl_asn1.c 34 | ssl_cert.c 35 | ssl_ciph.c 36 | ssl_err.c 37 | ssl_err2.c 38 | ssl_lib.c 39 | ssl_rsa.c 40 | ssl_sess.c 41 | ssl_stat.c 42 | ssl_txt.c 43 | t1_clnt.c 44 | t1_enc.c 45 | t1_lib.c 46 | t1_meth.c 47 | t1_reneg.c 48 | t1_srvr.c 49 | ) 50 | 51 | if (BUILD_SHARED) 52 | add_library(ssl-objects OBJECT ${SSL_SRC}) 53 | add_library(ssl STATIC $) 54 | add_library(ssl-shared SHARED $) 55 | set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl) 56 | set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION} 57 | SOVERSION ${SSL_MAJOR_VERSION}) 58 | install(TARGETS ssl ssl-shared DESTINATION lib) 59 | else() 60 | add_library(ssl STATIC ${SSL_SRC}) 61 | install(TARGETS ssl DESTINATION lib) 62 | endif() 63 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/ssl/VERSION: -------------------------------------------------------------------------------- 1 | 39:0:0 2 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/aeadtest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | TEST=./aeadtest 4 | if [ -e ./aeadtest.exe ]; then 5 | TEST=./aeadtest.exe 6 | fi 7 | $TEST $srcdir/aeadtests.txt 8 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/arc4randomforktest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | ./arc4randomforktest 4 | 
./arc4randomforktest -b 5 | ./arc4randomforktest -p 6 | ./arc4randomforktest -bp 7 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/evptest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | TEST=./evptest 4 | if [ -e ./evptest.exe ]; then 5 | TEST=./evptest.exe 6 | fi 7 | $TEST $srcdir/evptests.txt 8 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/openssl.cnf: -------------------------------------------------------------------------------- 1 | # $OpenBSD: openssl.cnf,v 1.1 2014/08/26 17:50:07 jsing Exp $ 2 | 3 | # 4 | # SSLeay example configuration file. 5 | # This is mostly being used for generation of certificate requests. 6 | # 7 | # hacked by iang to do DSA certs - Server 8 | 9 | RANDFILE = ./.rnd 10 | 11 | #################################################################### 12 | [ req ] 13 | distinguished_name = req_distinguished_name 14 | encrypt_rsa_key = no 15 | 16 | [ req_distinguished_name ] 17 | countryName = Country Name (2 letter code) 18 | countryName_default = CA 19 | countryName_value = CA 20 | 21 | organizationName = Organization Name (eg, company) 22 | organizationName_value = Shake it Vera 23 | 24 | 0.commonName = Common Name (eg, YOUR name) 25 | 0.commonName_value = Wastelandus 26 | 27 | 1.commonName = Common Name (eg, YOUR name) 28 | 1.commonName_value = Maximus 29 | 30 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/pidwraptest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ./pidwraptest > pidwraptest.txt 3 | while read a b; 4 | do 5 | if [ "$a" = "$b" ]; then 6 | echo "FAIL: $a = $b" 7 | return 2 8 | else 9 | echo "PASS: $a != $b" 10 | fi 11 | done < pidwraptest.txt 12 | 
-------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/pq_expected.txt: -------------------------------------------------------------------------------- 1 | item 6966726167696c69 2 | item 7374696365787069 3 | item 737570657263616c 4 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/pq_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | TEST=./pq_test 4 | if [ -e ./pq_test.exe ]; then 5 | TEST=./pq_test.exe 6 | fi 7 | $TEST | diff -b $srcdir/pq_expected.txt - 8 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/rfc5280time_small.test: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | echo 1..2 4 | TEST=./rfc5280time 5 | if [ -e ./rfc5280time.exe ]; then 6 | TEST=./rfc5280time.exe 7 | fi 8 | $TEST 9 | echo "ok 1" 10 | echo "ok 2 - rfc5280time_64-bit # SKIP this system is unable to represent times past 2038" 11 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/ssltest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | ssltest_bin=./ssltest 5 | if [ -e ./ssltest.exe ]; then 6 | ssltest_bin=./ssltest.exe 7 | fi 8 | 9 | if [ -d ../apps/openssl ]; then 10 | openssl_bin=../apps/openssl/openssl 11 | if [ -e ../apps/openssl/openssl.exe ]; then 12 | openssl_bin=../apps/openssl/openssl.exe 13 | fi 14 | else 15 | openssl_bin=../apps/openssl 16 | if [ -e ../apps/openssl.exe ]; then 17 | openssl_bin=../apps/openssl.exe 18 | fi 19 | fi 20 | 21 | if [ -z $srcdir ]; then 22 | srcdir=. 
23 | fi 24 | 25 | $srcdir/testssl $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem \ 26 | $ssltest_bin $openssl_bin 27 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/testdsa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # $OpenBSD: testdsa.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $ 3 | 4 | 5 | #Test DSA certificate generation of openssl 6 | 7 | if [ -d ../apps/openssl ]; then 8 | cmd=../apps/openssl/openssl 9 | if [ -e ../apps/openssl/openssl.exe ]; then 10 | cmd=../apps/openssl/openssl.exe 11 | fi 12 | else 13 | cmd=../apps/openssl 14 | if [ -e ../apps/openssl.exe ]; then 15 | cmd=../apps/openssl.exe 16 | fi 17 | fi 18 | 19 | if [ -z $srcdir ]; then 20 | srcdir=. 21 | fi 22 | 23 | # Generate DSA paramter set 24 | $cmd dsaparam 512 -out dsa512.pem 25 | if [ $? != 0 ]; then 26 | exit 1; 27 | fi 28 | 29 | 30 | # Denerate a DSA certificate 31 | $cmd req -config $srcdir/openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key 32 | if [ $? != 0 ]; then 33 | exit 1; 34 | fi 35 | 36 | 37 | # Now check the certificate 38 | $cmd x509 -text -in testdsa.pem 39 | if [ $? != 0 ]; then 40 | exit 1; 41 | fi 42 | 43 | rm testdsa.key dsa512.pem testdsa.pem 44 | 45 | exit 0 46 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tests/testrsa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # $OpenBSD: testrsa.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $ 3 | 4 | 5 | #Test RSA certificate generation of openssl 6 | 7 | if [ -d ../apps/openssl ]; then 8 | cmd=../apps/openssl/openssl 9 | if [ -e ../apps/openssl/openssl.exe ]; then 10 | cmd=../apps/openssl/openssl.exe 11 | fi 12 | else 13 | cmd=../apps/openssl 14 | if [ -e ../apps/openssl.exe ]; then 15 | cmd=../apps/openssl.exe 16 | fi 17 | fi 18 | 19 | if [ -z $srcdir ]; then 20 | srcdir=. 
21 | fi 22 | 23 | # Generate RSA private key 24 | $cmd genrsa -out rsakey.pem 25 | if [ $? != 0 ]; then 26 | exit 1; 27 | fi 28 | 29 | 30 | # Generate an RSA certificate 31 | $cmd req -config $srcdir/openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem 32 | if [ $? != 0 ]; then 33 | exit 1; 34 | fi 35 | 36 | 37 | # Now check the certificate 38 | $cmd x509 -text -in rsacert.pem 39 | if [ $? != 0 ]; then 40 | exit 1; 41 | fi 42 | 43 | rm -f rsacert.pem rsakey.pem 44 | 45 | exit 0 46 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tls/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories( 2 | . 3 | ../include 4 | ../include/compat 5 | ) 6 | 7 | set( 8 | TLS_SRC 9 | tls.c 10 | tls_client.c 11 | tls_config.c 12 | tls_conninfo.c 13 | tls_server.c 14 | tls_peer.c 15 | tls_util.c 16 | tls_verify.c 17 | ) 18 | 19 | 20 | if(NOT HAVE_STRSEP) 21 | set(TLS_SRC ${TLS_SRC} strsep.c) 22 | endif() 23 | 24 | if(NOT "${OPENSSLDIR}" STREQUAL "") 25 | add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\") 26 | else() 27 | add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") 28 | endif() 29 | 30 | if (BUILD_SHARED) 31 | add_library(tls-objects OBJECT ${TLS_SRC}) 32 | add_library(tls STATIC $) 33 | add_library(tls-shared SHARED $) 34 | set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls) 35 | set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION} 36 | SOVERSION ${TLS_MAJOR_VERSION}) 37 | install(TARGETS tls tls-shared DESTINATION lib) 38 | else() 39 | add_library(tls STATIC ${TLS_SRC}) 40 | install(TARGETS tls DESTINATION lib) 41 | endif() 42 | 43 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tls/Makefile.am: -------------------------------------------------------------------------------- 1 | include $(top_srcdir)/Makefile.am.common 2 | 3 | 
lib_LTLIBRARIES = libtls.la 4 | 5 | EXTRA_DIST = VERSION 6 | EXTRA_DIST += CMakeLists.txt 7 | 8 | libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined 9 | libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la 10 | libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la 11 | libtls_la_LIBADD += $(PLATFORM_LDADD) 12 | 13 | libtls_la_CPPFLAGS = $(AM_CPPFLAGS) 14 | if OPENSSLDIR_DEFINED 15 | libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\" 16 | else 17 | libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\" 18 | endif 19 | 20 | libtls_la_SOURCES = tls.c 21 | libtls_la_SOURCES += tls_client.c 22 | libtls_la_SOURCES += tls_config.c 23 | libtls_la_SOURCES += tls_conninfo.c 24 | libtls_la_SOURCES += tls_server.c 25 | libtls_la_SOURCES += tls_peer.c 26 | libtls_la_SOURCES += tls_util.c 27 | libtls_la_SOURCES += tls_verify.c 28 | noinst_HEADERS = tls_internal.h 29 | 30 | if !HAVE_STRSEP 31 | libtls_la_SOURCES += strsep.c 32 | endif 33 | -------------------------------------------------------------------------------- /src/libressl-2.4.1/tls/VERSION: -------------------------------------------------------------------------------- 1 | 11:0:0 2 | -------------------------------------------------------------------------------- /src/talos/enclaveshim/enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 0 4 | 0 5 | 0x40000 6 | 0x4600000 7 | 50 8 | 1 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /src/talos/enclaveshim/enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | local: 8 | *; 9 | }; 10 | -------------------------------------------------------------------------------- /src/talos/enclaveshim/enclaveshim_config.h: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2017 Imperial College London 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | /* 17 | * This file contains important macros to configure TaLoS behaviour 18 | */ 19 | 20 | #ifndef ENCLAVESHIM_CONFIG_H 21 | #define ENCLAVESHIM_CONFIG_H 22 | 23 | #ifdef SGX_MODE_SIM 24 | #define OPENSSL_LIBRARY_PATH "/usr/lib/x86_64-linux-gnu/libssl.so" 25 | #endif 26 | 27 | #undef USE_ASYNC_ECALLS_OCALLS // define it to use the asynchronous queues for ecalls and ocalls 28 | 29 | #undef COMPILE_OPTIMISATION_FOR_APACHE // define this macro to remove a few unnecessary ocalls for Apache (but needed by nginx/squid) 30 | 31 | #undef SQUID_WORKAROUND // define this macro when compiling with Squid, to activate AES-NI and avoid an illegal instruction 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /src/talos/enclaveshim/hashmap.h: -------------------------------------------------------------------------------- 1 | // from http://www2.informatik.hu-berlin.de/~weber/slipOff/hashmap_h.html 2 | 3 | #ifndef HASHMAP_H_INCLUDED 4 | #define HASHMAP_H_INCLUDED 5 | 6 | /** Hashmap structure (forward declaration) */ 7 | struct s_hashmap; 8 | typedef struct s_hashmap hashmap; 9 | 10 | /** Creates a new hashmap near the given size. 
*/ 11 | extern hashmap* hashmapCreate(int startsize); 12 | 13 | /** Inserts a new element into the hashmap. */ 14 | extern void hashmapInsert(hashmap*, const void* data, unsigned long key); 15 | 16 | /** Removes the storage for the element of the key and returns the element. */ 17 | extern void* hashmapRemove(hashmap*, unsigned long key); 18 | 19 | /** Returns the element for the key. */ 20 | extern void* hashmapGet(hashmap*, unsigned long key); 21 | 22 | /** Returns the number of saved elements. */ 23 | extern long hashmapCount(hashmap*); 24 | 25 | /** Removes the hashmap structure. */ 26 | extern void hashmapDelete(hashmap*); 27 | 28 | #endif 29 | 30 | -------------------------------------------------------------------------------- /src/talos/enclaveshim/mempool.h: -------------------------------------------------------------------------------- 1 | /* 2 | * From COMPUTATION TOOLS 2012 : The Third International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking 3 | * Fast Efficient Fixed-Size Memory Pool 4 | * No Loops and No Overhead 5 | * 6 | * Ben Kenwright 7 | * School of Computer Science 8 | * Newcastle University 9 | * Newcastle, United Kingdom, 10 | * b.kenwright@ncl.ac.uk 11 | */ 12 | 13 | #ifndef MEMPOOL_H_ 14 | #define MEMPOOL_H_ 15 | 16 | #include 17 | 18 | typedef unsigned int uint; 19 | typedef unsigned char uchar; 20 | 21 | typedef struct mempool { 22 | uint m_numOfBlocks; //Num of blocks 23 | uint m_sizeOfEachBlock; //Size of each block 24 | uint m_numFreeBlocks; //Num of remaining blocks 25 | uint m_numInitialized; //Num of initialized blocks 26 | uchar* m_memStart; //Beginning of memory pool 27 | uchar* m_memEnd; //End of memory pool 28 | uchar* m_next; //Num of next free block 29 | } mempool; 30 | 31 | mempool create_pool(size_t sizeOfEachBlock, uint numOfBlocks); 32 | void destroy_pool(mempool* pool); 33 | 34 | inline int pool_address_is_valid(mempool* pool, void* p) { 35 | return ((uchar*)p >= pool->m_memStart && 
(uchar*)p <= pool->m_memEnd); 36 | } 37 | 38 | void* pool_alloc(mempool* pool); 39 | void pool_dealloc(mempool* pool, void* p); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /src/talos/patch/a_bitstr.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/a_bitstr.c 2019-09-04 14:50:24.010777901 +0900 2 | +++ ../talos/./crypto/asn1/a_bitstr.c 2019-09-04 14:48:30.558025463 +0900 3 | @@ -118,7 +118,7 @@ 4 | 5 | *(p++) = (unsigned char)bits; 6 | d = a->data; 7 | - memcpy(p, d, len); 8 | + memcpy(p, d, (unsigned)len); 9 | p += len; 10 | if (len > 0) 11 | p[-1]&=(0xff << bits); 12 | -------------------------------------------------------------------------------- /src/talos/patch/a_int.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/a_int.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/asn1/a_int.c 2017-07-17 11:08:32.261409300 +0100 3 | @@ -406,6 +406,10 @@ 4 | } 5 | 6 | ASN1_INTEGER * 7 | +ecall_BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) { 8 | + return BN_to_ASN1_INTEGER(bn, ai); 9 | +} 10 | +ASN1_INTEGER * 11 | BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) 12 | { 13 | ASN1_INTEGER *ret; 14 | @@ -449,6 +453,10 @@ 15 | } 16 | 17 | BIGNUM * 18 | +ecall_ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) { 19 | + return ASN1_INTEGER_to_BN(ai, bn); 20 | +} 21 | +BIGNUM * 22 | ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) 23 | { 24 | BIGNUM *ret; 25 | -------------------------------------------------------------------------------- /src/talos/patch/a_object.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/a_object.c 2019-09-04 14:50:24.014777928 +0900 2 | +++ ../talos/./crypto/asn1/a_object.c 2019-09-04 14:48:41.454097834 +0900 3 | 
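Review bot: The cast in `memcpy(p, d, (unsigned)len);` silences a signedness warning without checking that `len` is non-negative; the `if (len > 0)` test two lines later suggests `len` is a signed int. A negative value would still be turned into a very large copy length, so the cast hides the conversion rather than making it safe. Prefer an explicit guard ahead of the copy (reject `len < 0` with whatever error return this function uses) followed by `memcpy(p, d, (size_t)len);`. If code above the hunk already guarantees `len >= 0`, a one-line comment saying so would do instead. The enclosing function starts and ends outside the hunk.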
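Review bot: `ecall_BN_to_ASN1_INTEGER` passes `bn` and `ai` straight through to `BN_to_ASN1_INTEGER`, and nothing in the wrapper says which side of the enclave boundary those pointers must live on or who checks that. If any of them can come from untrusted memory, the library would dereference and write through them inside the enclave. Whether the generated bridge already validates them is not visible here, so state the contract above each wrapper, e.g. `/* ecall entry: bn and ai must be enclave-resident objects; validated by the bridge (confirm in the EDL) */`, or add an explicit check such as `sgx_is_within_enclave()` before forwarding. The same applies to `ecall_ASN1_INTEGER_to_BN` in the second hunk and to `ecall_BN_dec2bn` in bn_print.c.patch, where the `const char *a` argument also needs a bounded, NUL-terminated copy.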
@@ -235,7 +235,7 @@ 4 | return -1; 5 | i = i2t_ASN1_OBJECT(tmp, tlen, a); 6 | if (i > (int)(tlen - 1)) { 7 | - explicit_bzero(tmp, tlen); 8 | + bzero(tmp, tlen); 9 | free(tmp); 10 | if ((tmp = malloc(i + 1)) == NULL) 11 | return -1; 12 | @@ -246,7 +246,7 @@ 13 | i = BIO_write(bp, "", 9); 14 | else 15 | i = BIO_write(bp, tmp, i); 16 | - explicit_bzero(tmp, tlen); 17 | + bzero(tmp, tlen); 18 | free(tmp); 19 | return (i); 20 | } 21 | @@ -324,7 +324,7 @@ 22 | /* detach data from object */ 23 | data = (unsigned char *)ret->data; 24 | if (data != NULL) 25 | - explicit_bzero(data, ret->length); 26 | + bzero(data, ret->length); 27 | free(data); 28 | data = malloc(length); 29 | if (data == NULL) { 30 | @@ -384,7 +384,7 @@ 31 | } 32 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { 33 | if (a->data != NULL) 34 | - explicit_bzero((void *)a->data, a->length); 35 | + bzero((void *)a->data, a->length); 36 | free((void *)a->data); 37 | a->data = NULL; 38 | a->length = 0; 39 | -------------------------------------------------------------------------------- /src/talos/patch/a_sign.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/a_sign.c 2019-09-04 14:50:24.014777928 +0900 2 | +++ ../talos/./crypto/asn1/a_sign.c 2019-09-04 14:48:52.506171216 +0900 3 | 
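Review bot: Replacing `explicit_bzero(tmp, tlen);` with `bzero(tmp, tlen);` directly before `free(tmp);` lets the compiler treat the clear as a dead store and drop it, which is exactly what `explicit_bzero` exists to prevent. The other three hunks of this file make the same substitution, as do a_sign.c.patch, a_verify.c.patch, aes_wrap.c.patch, bio_enc.c.patch, bn_asm.c.patch, bn_exp.c.patch and bn_rand.c.patch, where the buffers hold signing and verification input, key-unwrap output, a cipher context, bignum scratch space and random bytes. Keep the call sites as `explicit_bzero(...)` and supply an implementation in the enclave build instead, for example a `memset` called through a volatile function pointer, or `memset_s` if the enclave C library provides it. The enclosing functions start and end outside the hunks.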
@@ -230,11 +230,11 @@ 4 | err: 5 | EVP_MD_CTX_cleanup(ctx); 6 | if (buf_in != NULL) { 7 | - explicit_bzero((char *)buf_in, inl); 8 | + bzero((char *)buf_in, inl); 9 | free(buf_in); 10 | } 11 | if (buf_out != NULL) { 12 | - explicit_bzero((char *)buf_out, outll); 13 | + bzero((char *)buf_out, outll); 14 | free(buf_out); 15 | } 16 | return (outl); 17 | -------------------------------------------------------------------------------- /src/talos/patch/a_time_tm.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/a_time_tm.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/asn1/a_time_tm.c 2017-07-17 11:08:32.261409300 +0100 3 | @@ -29,6 +29,14 @@ 4 | #define GENTIME_LENGTH 15 5 | #define UTCTIME_LENGTH 13 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern int my_asprintf(char **strp, const char *fmt, ...); 9 | +extern char *my_strdup(const char *s); 10 | +#else 11 | +#define my_asprintf(strp, fmt, ...) asprintf(strp, fmt, __VA_ARGS__) 12 | +#define my_strdup(s) strdup(s) 13 | +#endif 14 | + 15 | int 16 | asn1_tm_cmp(struct tm *tm1, struct tm *tm2) { 17 | if (tm1->tm_year < tm2->tm_year) 18 | @@ -69,7 +77,7 @@ 19 | if (year < 0 || year > 9999) 20 | return (NULL); 21 | 22 | - if (asprintf(&ret, "%04u%02u%02u%02u%02u%02uZ", year, 23 | + if (my_asprintf(&ret, "%04u%02u%02u%02u%02u%02uZ", year, 24 | tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min, 25 | tm->tm_sec) == -1) 26 | ret = NULL; 27 | @@ -86,7 +94,7 @@ 28 | if (tm->tm_year >= 150 || tm->tm_year < 50) 29 | return (NULL); 30 | 31 | - if (asprintf(&ret, "%02u%02u%02u%02u%02u%02uZ", 32 | + if (my_asprintf(&ret, "%02u%02u%02u%02u%02u%02uZ", 33 | tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday, 34 | tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) 35 | ret = NULL; 36 | 
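Review bot: The `#ifdef COMPILE_WITH_INTEL_SGX` block declaring `my_asprintf` and `my_strdup` in the first a_time_tm.c hunk is copied by hand into ameth_lib.c.patch, asn_mime.c.patch, b_print.c.patch, b_sock.c.patch and bs_cbs.c.patch. A single shared header holding the prototypes and fallback macros would stop the copies drifting apart. Separately, `#define my_asprintf(strp, fmt, ...) asprintf(strp, fmt, __VA_ARGS__)` leaves a trailing comma when called with no variadic arguments. Both call sites in this patch pass arguments, so it compiles today, but `#define my_asprintf asprintf` gives the same fallback without that trap.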
@@ -226,7 +234,7 @@ 37 | if (s == NULL) 38 | return (1); 39 | 40 | - if ((tmp = strdup(str)) == NULL) 41 | + if ((tmp = my_strdup(str)) == NULL) 42 | return (0); 43 | free(s->data); 44 | s->data = tmp; 45 | -------------------------------------------------------------------------------- /src/talos/patch/a_verify.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/a_verify.c 2019-09-04 14:50:24.014777928 +0900 2 | +++ ../talos/./crypto/asn1/a_verify.c 2019-09-04 14:49:11.838299519 +0900 3 | @@ -153,7 +153,7 @@ 4 | goto err; 5 | } 6 | 7 | - explicit_bzero(buf_in, (unsigned int)inl); 8 | + bzero(buf_in, (unsigned int)inl); 9 | free(buf_in); 10 | 11 | if (EVP_DigestVerifyFinal(&ctx, signature->data, 12 | -------------------------------------------------------------------------------- /src/talos/patch/aes_wrap.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/aes/aes_wrap.c 2019-09-04 14:50:24.010777901 +0900 2 | +++ ../talos/./crypto/aes/aes_wrap.c 2019-09-04 14:47:16.929535762 +0900 3 | @@ -126,7 +126,7 @@ 4 | if (!iv) 5 | iv = default_iv; 6 | if (memcmp(A, iv, 8)) { 7 | - explicit_bzero(out, inlen); 8 | + bzero(out, inlen); 9 | return 0; 10 | } 11 | return inlen; 12 | -------------------------------------------------------------------------------- /src/talos/patch/ameth_lib.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/ameth_lib.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/asn1/ameth_lib.c 2017-07-17 11:08:32.261409300 +0100 3 | 
@@ -117,6 +117,12 @@ 4 | DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, 5 | const EVP_PKEY_ASN1_METHOD *, ameth); 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern char *my_strdup(const char *s); 9 | +#else 10 | +#define my_strdup(s) strdup(s) 11 | +#endif 12 | + 13 | static int 14 | ameth_cmp(const EVP_PKEY_ASN1_METHOD * const *a, 15 | const EVP_PKEY_ASN1_METHOD * const *b) 16 | @@ -304,14 +310,14 @@ 17 | ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; 18 | 19 | if (info) { 20 | - ameth->info = strdup(info); 21 | + ameth->info = my_strdup(info); 22 | if (!ameth->info) 23 | goto err; 24 | } else 25 | ameth->info = NULL; 26 | 27 | if (pem_str) { 28 | - ameth->pem_str = strdup(pem_str); 29 | + ameth->pem_str = my_strdup(pem_str); 30 | if (!ameth->pem_str) 31 | goto err; 32 | } else 33 | -------------------------------------------------------------------------------- /src/talos/patch/arc4random.h.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/compat/arc4random.h 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/compat/arc4random.h 2017-07-17 11:08:32.213410215 +0100 3 | 
@@ -3,33 +3,4 @@ 4 | 5 | #include 6 | 7 | -#if defined(_AIX) 8 | -#include "arc4random_aix.h" 9 | - 10 | -#elif defined(__FreeBSD__) 11 | -#include "arc4random_freebsd.h" 12 | - 13 | -#elif defined(__hpux) 14 | -#include "arc4random_hpux.h" 15 | - 16 | -#elif defined(__linux__) 17 | -#include "arc4random_linux.h" 18 | - 19 | -#elif defined(__NetBSD__) 20 | -#include "arc4random_netbsd.h" 21 | - 22 | -#elif defined(__APPLE__) 23 | -#include "arc4random_osx.h" 24 | - 25 | -#elif defined(__sun) 26 | -#include "arc4random_solaris.h" 27 | - 28 | -#elif defined(_WIN32) 29 | -#include "arc4random_win.h" 30 | - 31 | -#else 32 | -#error "No arc4random hooks defined for this platform." 33 | - 34 | -#endif 35 | - 36 | #endif 37 | -------------------------------------------------------------------------------- /src/talos/patch/asn1.h.patch: -------------------------------------------------------------------------------- 1 | --- ./include/openssl/asn1.h 2017-03-08 11:15:50.741464161 +0000 2 | +++ ../talos/./include/openssl/asn1.h 2017-03-08 11:13:57.475751923 +0000 3 | @@ -880,7 +880,9 @@ 4 | 5 | int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); 6 | long ASN1_INTEGER_get(const ASN1_INTEGER *a); 7 | +ASN1_INTEGER *ecall_BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); 8 | ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); 9 | +BIGNUM *ecall_ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); 10 | BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); 11 | 12 | int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); 13 | -------------------------------------------------------------------------------- /src/talos/patch/asn_mime.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/asn_mime.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/asn1/asn_mime.c 2017-07-17 11:08:32.261409300 +0100 3 | 
@@ -108,6 +108,12 @@ 4 | static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); 5 | static void mime_hdr_free(MIME_HEADER *hdr); 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern char *my_strdup(const char *s); 9 | +#else 10 | +#define my_strdup(s) strdup(s) 11 | +#endif 12 | + 13 | #define MAX_SMLEN 1024 14 | #define mime_debug(x) /* x */ 15 | 16 | @@ -853,13 +859,13 @@ 17 | char *tmpname = NULL, *tmpval = NULL, *p; 18 | 19 | if (name) { 20 | - if (!(tmpname = strdup(name))) 21 | + if (!(tmpname = my_strdup(name))) 22 | goto err; 23 | for (p = tmpname; *p; p++) 24 | *p = tolower((unsigned char)*p); 25 | } 26 | if (value) { 27 | - if (!(tmpval = strdup(value))) 28 | + if (!(tmpval = my_strdup(value))) 29 | goto err; 30 | for (p = tmpval; *p; p++) 31 | *p = tolower((unsigned char)*p); 32 | @@ -887,14 +893,14 @@ 33 | MIME_PARAM *mparam; 34 | 35 | if (name) { 36 | - tmpname = strdup(name); 37 | + tmpname = my_strdup(name); 38 | if (!tmpname) 39 | goto err; 40 | for (p = tmpname; *p; p++) 41 | *p = tolower((unsigned char)*p); 42 | } 43 | if (value) { 44 | - tmpval = strdup(value); 45 | + tmpval = my_strdup(value); 46 | if (!tmpval) 47 | goto err; 48 | } 49 | -------------------------------------------------------------------------------- /src/talos/patch/b_print.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/bio/b_print.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/bio/b_print.c 2017-07-17 11:08:32.261409300 +0100 3 | @@ -4,6 +4,14 @@ 4 | 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern int my_vasprintf(char **strp, const char *fmt, va_list ap); 9 | +extern int my_vfprintf(FILE *stream, const char *format, va_list ap); 10 | +#else 11 | +#define my_vasprintf(strp, fmt, ap) vasprintf(strp, fmt, ap) 12 | +#define my_vfprintf(stream, format, ap) vfprintf(stream, format, ap) 13 | +#endif 14 | + 15 | int 16 | BIO_printf(BIO *bio, const char *format, ...) 17 | { 18 | 
@@ -34,7 +42,7 @@ 19 | ret = -1; 20 | goto fail; 21 | } 22 | - ret = vfprintf(fp, format, args); 23 | + ret = my_vfprintf(fp, format, args); 24 | fclose(fp); 25 | fail: 26 | return (ret); 27 | @@ -48,7 +56,7 @@ 28 | int ret; 29 | char *buf = NULL; 30 | 31 | - ret = vasprintf(&buf, format, args); 32 | + ret = my_vasprintf(&buf, format, args); 33 | if (buf == NULL) { 34 | ret = -1; 35 | goto fail; 36 | -------------------------------------------------------------------------------- /src/talos/patch/b_sock.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/bio/b_sock.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/bio/b_sock.c 2017-07-17 11:08:32.261409300 +0100 3 | @@ -75,6 +75,12 @@ 4 | #include 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern char *my_strdup(const char *s); 9 | +#else 10 | +#define my_strdup(s) strdup(s) 11 | +#endif 12 | + 13 | int 14 | BIO_get_host_ip(const char *str, unsigned char *ip) 15 | { 16 | @@ -220,7 +226,7 @@ 17 | unsigned long l; 18 | int err_num; 19 | 20 | - if (host == NULL || (str = strdup(host)) == NULL) 21 | + if (host == NULL || (str = my_strdup(host)) == NULL) 22 | return (-1); 23 | 24 | h = p = NULL; 25 | -------------------------------------------------------------------------------- /src/talos/patch/bio_enc.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/evp/bio_enc.c 2019-09-04 14:50:24.046778140 +0900 2 | +++ ../talos/./crypto/evp/bio_enc.c 2019-09-04 14:49:11.942300209 +0900 3 | 
@@ -135,7 +135,7 @@
4 | return (0);
5 | b = (BIO_ENC_CTX *)a->ptr;
6 | EVP_CIPHER_CTX_cleanup(&(b->cipher));
7 | - explicit_bzero(a->ptr, sizeof(BIO_ENC_CTX));
8 | + bzero(a->ptr, sizeof(BIO_ENC_CTX));
9 | free(a->ptr);
10 | a->ptr = NULL;
11 | a->init = 0;
12 |
--------------------------------------------------------------------------------
/src/talos/patch/bn_asm.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bn/bn_asm.c 2019-09-04 14:50:24.026778007 +0900
2 | +++ ../talos/./crypto/bn/bn_asm.c 2019-09-04 14:49:11.854299625 +0900
3 | @@ -989,7 +989,7 @@
4 | }
5 | memcpy(rp, tp, num * sizeof(BN_ULONG));
6 | out:
7 | - explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
8 | + bzero(tp, (num + 2) * sizeof(BN_ULONG));
9 | free(tp);
10 | return 1;
11 | }
12 | @@ -1081,7 +1081,7 @@
13 | }
14 | memcpy(rp, tp, num * sizeof(BN_ULONG));
15 | out:
16 | - explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
17 | + bzero(tp, (num + 2) * sizeof(BN_ULONG));
18 | free(tp);
19 | return 1;
20 | }
21 |
--------------------------------------------------------------------------------
/src/talos/patch/bn_exp.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bn/bn_exp.c 2019-09-04 14:50:24.030778034 +0900
2 | +++ ../talos/./crypto/bn/bn_exp.c 2019-09-04 14:49:11.862299678 +0900
3 | @@ -825,7 +825,7 @@
4 | if ((in_mont == NULL) && (mont != NULL))
5 | BN_MONT_CTX_free(mont);
6 | if (powerbuf != NULL) {
7 | - explicit_bzero(powerbuf, powerbufLen);
8 | + bzero(powerbuf, powerbufLen);
9 | free(powerbufFree);
10 | }
11 | BN_CTX_end(ctx);
12 |
--------------------------------------------------------------------------------
/src/talos/patch/bn_print.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bn/bn_print.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/bn/bn_print.c 2017-07-17 11:08:32.261409300 +0100
3 |
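Review bot: `bzero(a->ptr, sizeof(BIO_ENC_CTX));` directly before `free(a->ptr)` is a dead store the compiler is allowed to remove, so the cipher context may be freed with key material still in it; `explicit_bzero` was there to prevent exactly that. The substitution is not guarded by `COMPILE_WITH_INTEL_SGX`, so non-enclave builds lose the guarantee as well. The same replacement recurs in the bn_asm.c, bn_exp.c, bn_rand.c, buffer.c, cmac.c, d1_lib.c, dsa_asn1.c, e_aes_cbc_hmac_sha1.c, e_chacha20poly1305.c, e_idea.c, ec_key.c, ec_lib.c, ec_mult.c, ech_lib.c, ecs_lib.c, ecs_vrf.c, evp_enc.c, evp_key.c, gcm128.c and getentropy_*.c patches, several of which clear stack buffers (`hmac_key`, `md_buf`, `tmp`) where elision is most likely. If the enclave libc lacks `explicit_bzero`, I would keep the call sites as `explicit_bzero(a->ptr, sizeof(BIO_ENC_CTX));` and supply a non-elidable implementation through the same `#ifdef COMPILE_WITH_INTEL_SGX` shim pattern this patch set uses for `my_strdup`. The enclosing function starts and ends outside the hunk.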
@@ -260,6 +260,11 @@
4 | }
5 |
6 | int
7 | +ecall_BN_dec2bn(BIGNUM **bn, const char *a)
8 | +{
9 | + return BN_dec2bn(bn, a);
10 | +}
11 | +int
12 | BN_dec2bn(BIGNUM **bn, const char *a)
13 | {
14 | BIGNUM *ret = NULL;
15 |
--------------------------------------------------------------------------------
/src/talos/patch/bn_rand.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bn/bn_rand.c 2019-09-04 14:50:24.030778034 +0900
2 | +++ ../talos/./crypto/bn/bn_rand.c 2019-09-04 14:49:11.874299758 +0900
3 | @@ -187,7 +187,7 @@
4 |
5 | err:
6 | if (buf != NULL) {
7 | - explicit_bzero(buf, bytes);
8 | + bzero(buf, bytes);
9 | free(buf);
10 | }
11 | bn_check_top(rnd);
12 |
--------------------------------------------------------------------------------
/src/talos/patch/bs_cbs.c.patch:
--------------------------------------------------------------------------------
1 | --- ./ssl/bs_cbs.c 2017-11-28 10:46:52.004404366 +0000
2 | +++ ../talos/./ssl/bs_cbs.c 2017-07-17 11:08:26.857512440 +0100
3 | @@ -24,6 +24,12 @@
4 |
5 | #include "bytestring.h"
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strndup(const char *s, size_t n);
9 | +#else
10 | +#define my_strndup(s, n) strndup(s, n)
11 | +#endif
12 | +
13 | void
14 | CBS_init(CBS *cbs, const uint8_t *data, size_t len)
15 | {
16 | @@ -99,7 +105,7 @@
17 | CBS_strdup(const CBS *cbs, char **out_ptr)
18 | {
19 | free(*out_ptr);
20 | - *out_ptr = strndup((const char *)cbs->data, cbs->len);
21 | + *out_ptr = my_strndup((const char *)cbs->data, cbs->len);
22 | return (*out_ptr != NULL);
23 | }
24 |
25 |
--------------------------------------------------------------------------------
/src/talos/patch/bss_acpt.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bio/bss_acpt.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/bio/bss_acpt.c 2017-07-17 11:08:32.261409300 +0100
3 |
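Review bot: `ecall_BN_dec2bn` forwards `bn` and `a` to `BN_dec2bn` with no comment on where these pointers live, although the `ecall_` prefix suggests they arrive from the untrusted side of the enclave boundary. `BN_dec2bn` stores its result through `bn` and reads `a` as a NUL-terminated string, so the wrapper should state what the EDL bridge (not visible here) is expected to have copied or range-checked, e.g. `/* Enclave entry: bn and a originate outside the enclave; relies on the EDL bridge to marshal a and to validate bn. */`. The same undocumented pass-through applies to the other `ecall_*` wrappers added in bss_file.c, c_all.c, conf_mall.c, conf_sap.c, ec_key.c, ec_lib.c, eng_all.c, err_all.c and evp_lib.c; `ecall_EVP_MD_type`, which dereferences its argument via `md->type`, and `ecall_BIO_new_file`, which takes a caller-chosen path, need the comment most. A blank line between the wrapper and the following `int` / `BN_dec2bn` definition would also match the surrounding style.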
@@ -69,6 +69,12 @@
4 |
5 | #define SOCKET_PROTOCOL IPPROTO_TCP
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +#else
10 | +#define my_strdup(s) strdup(s)
11 | +#endif
12 | +
13 | typedef struct bio_accept_st {
14 | int state;
15 | char *param_addr;
16 | @@ -351,7 +357,7 @@
17 | if (num == 0) {
18 | b->init = 1;
19 | free(data->param_addr);
20 | - data->param_addr = strdup(ptr);
21 | + data->param_addr = my_strdup(ptr);
22 | } else if (num == 1) {
23 | data->accept_nbio = (ptr != NULL);
24 | } else if (num == 2) {
25 |
--------------------------------------------------------------------------------
/src/talos/patch/bss_dgram.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bio/bss_dgram.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/bio/bss_dgram.c 2017-07-17 11:08:32.261409300 +0100
3 | @@ -74,7 +74,6 @@
4 |
5 | #ifndef OPENSSL_NO_DGRAM
6 |
7 | -
8 | static int dgram_write(BIO *h, const char *buf, int num);
9 | static int dgram_read(BIO *h, char *buf, int size);
10 | static int dgram_puts(BIO *h, const char *str);
11 | @@ -307,7 +306,6 @@
12 | if (ret <= 0) {
13 | if (BIO_dgram_should_retry(ret)) {
14 | BIO_set_retry_write(b);
15 | -
16 | data->_errno = errno;
17 | /*
18 | * higher layers are responsible for querying MTU,
19 |
--------------------------------------------------------------------------------
/src/talos/patch/bss_file.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/bio/bss_file.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/bio/bss_file.c 2017-07-17 11:08:32.261409300 +0100
3 | @@ -111,6 +111,11 @@
4 | };
5 |
6 | BIO *
7 | +ecall_BIO_new_file(const char *filename, const char *mode) {
8 | + return BIO_new_file(filename, mode);
9 | +}
10 | +
11 | +BIO *
12 | BIO_new_file(const char *filename, const char *mode)
13 | {
14 | BIO *ret;
15 |
@@ -149,6 +154,10 @@
16 | }
17 |
18 | BIO_METHOD *
19 | +ecall_BIO_s_file(void) {
20 | + return BIO_s_file();
21 | +}
22 | +BIO_METHOD *
23 | BIO_s_file(void)
24 | {
25 | return (&methods_filep);
26 |
--------------------------------------------------------------------------------
/src/talos/patch/buf_str.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/buffer/buf_str.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/buffer/buf_str.c 2017-07-17 11:08:32.281408918 +0100
3 | @@ -28,13 +28,21 @@
4 | * time change these to find the bad callers
5 | */
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +extern char *my_strndup(const char *s, size_t n);
10 | +#else
11 | +#define my_strdup(s) strdup(s)
12 | +#define my_strndup(s, n) strndup(s, n)
13 | +#endif
14 | +
15 | char *
16 | BUF_strdup(const char *str)
17 | {
18 | char *ret = NULL;
19 |
20 | if (str != NULL) {
21 | - if (!(ret = strdup(str)))
22 | + if (!(ret = my_strdup(str)))
23 | BUFerr(BUF_F_BUF_STRDUP, ERR_R_MALLOC_FAILURE);
24 | }
25 | return ret;
26 | @@ -46,7 +54,7 @@
27 | char *ret = NULL;
28 |
29 | if (str != NULL) {
30 | - if (!(ret = strndup(str, siz)))
31 | + if (!(ret = my_strndup(str, siz)))
32 | BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
33 | }
34 | return ret;
35 |
--------------------------------------------------------------------------------
/src/talos/patch/buffer.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/buffer/buffer.c 2019-09-04 14:50:24.034778060 +0900
2 | +++ ../talos/./crypto/buffer/buffer.c 2019-09-04 14:49:11.874299758 +0900
3 | @@ -91,7 +91,7 @@
4 | return;
5 |
6 | if (a->data != NULL) {
7 | - explicit_bzero(a->data, a->max);
8 | + bzero(a->data, a->max);
9 | free(a->data);
10 | }
11 | free(a);
12 |
@@ -157,7 +157,7 @@
13 | /* we're not shrinking - that case returns above */
14 | if ((ret != NULL) && (str->data != NULL)) {
15 | memcpy(ret, str->data, str->max);
16 | - explicit_bzero(str->data, str->max);
17 | + bzero(str->data, str->max);
18 | free(str->data);
19 | }
20 | if (ret == NULL) {
21 |
--------------------------------------------------------------------------------
/src/talos/patch/by_dir.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/x509/by_dir.c 2017-11-28 10:46:52.000404443 +0000
2 | +++ ../talos/./crypto/x509/by_dir.c 2017-07-17 11:08:32.257409376 +0100
3 | @@ -72,6 +72,12 @@
4 |
5 | # include
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strndup(const char *s, size_t n);
9 | +#else
10 | +#define my_strndup(s, n) strndup(s, n)
11 | +#endif
12 | +
13 | typedef struct lookup_dir_hashes_st {
14 | unsigned long hash;
15 | int suffix;
16 | @@ -241,7 +247,7 @@
17 | }
18 | ent->dir_type = type;
19 | ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
20 | - ent->dir = strndup(ss, (size_t)len);
21 | + ent->dir = my_strndup(ss, (size_t)len);
22 | if (!ent->dir || !ent->hashes) {
23 | X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
24 | by_dir_entry_free(ent);
25 |
--------------------------------------------------------------------------------
/src/talos/patch/c_all.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/c_all.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/evp/c_all.c 2017-07-17 11:08:32.237409759 +0100
3 |
@@ -283,6 +283,11 @@
4 | }
5 |
6 | void
7 | +ecall_OPENSSL_add_all_algorithms_noconf(void)
8 | +{
9 | + OPENSSL_add_all_algorithms_noconf();
10 | +}
11 | +void
12 | OPENSSL_add_all_algorithms_noconf(void)
13 | {
14 | OPENSSL_cpuid_setup();
15 |
--------------------------------------------------------------------------------
/src/talos/patch/cmac.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/cmac/cmac.c 2019-09-04 14:50:24.034778060 +0900
2 | +++ ../talos/./crypto/cmac/cmac.c 2019-09-04 14:49:11.878299784 +0900
3 | @@ -107,10 +107,10 @@
4 | CMAC_CTX_cleanup(CMAC_CTX *ctx)
5 | {
6 | EVP_CIPHER_CTX_cleanup(&ctx->cctx);
7 | - explicit_bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
8 | - explicit_bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH);
9 | - explicit_bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH);
10 | - explicit_bzero(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
11 | + bzero(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
12 | + bzero(ctx->k1, EVP_MAX_BLOCK_LENGTH);
13 | + bzero(ctx->k2, EVP_MAX_BLOCK_LENGTH);
14 | + bzero(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
15 | ctx->nlast_block = -1;
16 | }
17 |
18 | @@ -183,7 +183,7 @@
19 | return 0;
20 | make_kn(ctx->k1, ctx->tbl, bl);
21 | make_kn(ctx->k2, ctx->k1, bl);
22 | - explicit_bzero(ctx->tbl, bl);
23 | + bzero(ctx->tbl, bl);
24 | /* Reset context again ready for first data block */
25 | if (!EVP_EncryptInit_ex(&ctx->cctx, NULL, NULL, NULL, zero_iv))
26 | return 0;
27 |
@@ -260,7 +260,7 @@
28 | out[i] = ctx->last_block[i] ^ ctx->k2[i];
29 | }
30 | if (!EVP_Cipher(&ctx->cctx, out, out, bl)) {
31 | - explicit_bzero(out, bl);
32 | + bzero(out, bl);
33 | return 0;
34 | }
35 | return 1;
36 |
--------------------------------------------------------------------------------
/src/talos/patch/conf.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/conf.h 2017-03-08 11:15:50.745464080 +0000
2 | +++ ../talos/./include/openssl/conf.h 2017-03-08 11:13:57.483751762 +0000
3 | @@ -134,6 +134,7 @@
4 | int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
5 | int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
6 |
7 | +void ecall_OPENSSL_config(const char *config_name);
8 | void OPENSSL_config(const char *config_name);
9 | void OPENSSL_no_config(void);
10 |
11 | @@ -170,6 +171,7 @@
12 | unsigned long flags);
13 | int CONF_modules_load_file(const char *filename, const char *appname,
14 | unsigned long flags);
15 | +void ecall_CONF_modules_unload(int all);
16 | void CONF_modules_unload(int all);
17 | void CONF_modules_finish(void);
18 | void CONF_modules_free(void);
19 | @@ -191,6 +193,7 @@
20 | int CONF_parse_list(const char *list, int sep, int nospc,
21 | int (*list_cb)(const char *elem, int len, void *usr), void *arg);
22 |
23 | +void ecall_OPENSSL_load_builtin_modules(void);
24 | void OPENSSL_load_builtin_modules(void);
25 |
26 | /* BEGIN ERROR CODES */
27 |
--------------------------------------------------------------------------------
/src/talos/patch/conf_def.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/conf/conf_def.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/conf/conf_def.c 2017-07-17 11:08:32.213410215 +0100
3 |
@@ -207,6 +207,12 @@
4 | return ret;
5 | }
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +#else
10 | +#define my_strdup(s) strdup(s)
11 | +#endif
12 | +
13 | static int
14 | def_load_bio(CONF *conf, BIO *in, long *line)
15 | {
16 | @@ -228,7 +234,7 @@
17 | goto err;
18 | }
19 |
20 | - section = strdup("default");
21 | + section = my_strdup("default");
22 | if (section == NULL) {
23 | CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
24 | goto err;
25 | @@ -366,7 +372,7 @@
26 | }
27 | if (psection == NULL)
28 | psection = section;
29 | - v->name = strdup(pname);
30 | + v->name = my_strdup(pname);
31 | v->value = NULL;
32 | if (v->name == NULL) {
33 | CONFerr(CONF_F_DEF_LOAD_BIO,
34 |
--------------------------------------------------------------------------------
/src/talos/patch/conf_mall.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/conf/conf_mall.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/conf/conf_mall.c 2017-07-17 11:08:32.213410215 +0100
3 | @@ -72,6 +72,10 @@
4 | /* Load all OpenSSL builtin modules */
5 |
6 | void
7 | +ecall_OPENSSL_load_builtin_modules(void) {
8 | + OPENSSL_load_builtin_modules();
9 | +}
10 | +void
11 | OPENSSL_load_builtin_modules(void)
12 | {
13 | /* Add builtin modules here */
14 |
--------------------------------------------------------------------------------
/src/talos/patch/conf_sap.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/conf/conf_sap.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/conf/conf_sap.c 2017-07-17 11:08:32.213410215 +0100
3 |
@@ -78,6 +78,10 @@
4 | static int openssl_configured = 0;
5 |
6 | void
7 | +ecall_OPENSSL_config(const char *config_name) {
8 | + OPENSSL_config(config_name);
9 | +}
10 | +void
11 | OPENSSL_config(const char *config_name)
12 | {
13 | if (openssl_configured)
14 |
--------------------------------------------------------------------------------
/src/talos/patch/cversion.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/cversion.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/cversion.c 2017-07-17 11:08:32.257409376 +0100
3 | @@ -61,6 +61,37 @@
4 |
5 | #include "cryptlib.h"
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +#include "sgx_error.h"
9 | +#include
10 | +
11 | +extern sgx_status_t ocall_malloc(void** retval, size_t size);
12 | +extern sgx_status_t ocall_realloc(void** retval, void* ptr, size_t size);
13 | +extern sgx_status_t ocall_free(void* ptr);
14 | +
15 | +
16 | +static char* SSLeay_version_buffer = NULL;
17 | +#endif
18 | +
19 | +char *
20 | +ecall_SSLeay_version(int t) {
21 | + const char* v = SSLeay_version(t);
22 | +#ifdef COMPILE_WITH_INTEL_SGX
23 | + size_t len = strlen(v);
24 | + if (!SSLeay_version_buffer) {
25 | + if (len+1 > 64) { // normally SSLeay_version() always returns a string shorter than 64 characters
26 | + return 0;
27 | + }
28 | + ocall_malloc((void**)&SSLeay_version_buffer, 64);
29 | + }
30 | + memcpy(SSLeay_version_buffer, v, len);
31 | + SSLeay_version_buffer[len] = '\0';
32 | + return SSLeay_version_buffer;
33 | +#else
34 | + return (char*)v;
35 | +#endif
36 | +}
37 | +
38 | const char *
39 | SSLeay_version(int t)
40 | {
41 |
--------------------------------------------------------------------------------
/src/talos/patch/d1_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./ssl/d1_lib.c 2019-09-04 14:50:24.070778299 +0900
2 | +++ ../talos/./ssl/d1_lib.c 2019-09-04 14:49:18.594344340 +0900
3 |
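Review bot: In `ecall_SSLeay_version` (cversion.c) the `len+1 > 64` check sits inside `if (!SSLeay_version_buffer)`, so it only runs on the first call; a later call with a different `t` whose string is 64 bytes or longer is copied into the 64-byte buffer unchecked. The result of `ocall_malloc` is also used without testing the returned status or pointer, and nothing confirms that the buffer handed back by the untrusted allocator lies outside the enclave before `memcpy` writes to it. I would hoist the length check, test the ocall result, and validate the pointer with `sgx_is_outside_enclave` (declared in `sgx_trts.h`), as sketched below. `return 0` would also read better as `return NULL` in a function returning `char *`.

```c
ecall_SSLeay_version(int t) {
	const char* v = SSLeay_version(t);
#ifdef COMPILE_WITH_INTEL_SGX
	size_t len = strlen(v);
	/* Bound every call, not only the one that allocates. */
	if (len + 1 > 64)
		return NULL;
	if (!SSLeay_version_buffer) {
		void *p = NULL;
		/* The allocator runs outside the enclave: check status, result and location. */
		if (ocall_malloc(&p, 64) != SGX_SUCCESS || p == NULL ||
		    !sgx_is_outside_enclave(p, 64))
			return NULL;
		SSLeay_version_buffer = p;
	}
	memcpy(SSLeay_version_buffer, v, len + 1);
	return SSLeay_version_buffer;
	/* … unchanged: #else branch returning (char*)v … */
```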
@@ -199,7 +199,7 @@
4 | pqueue_free(s->d1->sent_messages);
5 | pqueue_free(s->d1->buffered_app_data.q);
6 |
7 | - explicit_bzero(s->d1, sizeof *s->d1);
8 | + bzero(s->d1, sizeof *s->d1);
9 | free(s->d1);
10 | s->d1 = NULL;
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/dh.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/dh.h 2017-03-08 11:15:50.749464000 +0000
2 | +++ ../talos/./include/openssl/dh.h 2017-03-08 11:13:57.491751601 +0000
3 | @@ -188,7 +188,9 @@
4 | int DH_set_method(DH *dh, const DH_METHOD *meth);
5 | DH *DH_new_method(ENGINE *engine);
6 |
7 | +DH * ecall_DH_new(void);
8 | DH * DH_new(void);
9 | +void ecall_DH_free(DH *dh);
10 | void DH_free(DH *dh);
11 | int DH_up_ref(DH *dh);
12 | int DH_size(const DH *dh);
13 |
--------------------------------------------------------------------------------
/src/talos/patch/dsa_asn1.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/dsa/dsa_asn1.c 2019-09-04 14:50:24.042778113 +0900
2 | +++ ../talos/./crypto/dsa/dsa_asn1.c 2019-09-04 14:49:11.910299997 +0900
3 | @@ -431,7 +431,7 @@
4 | ret = DSA_do_verify(dgst, dgst_len, s, dsa);
5 | err:
6 | if (derlen > 0) {
7 | - explicit_bzero(der, derlen);
8 | + bzero(der, derlen);
9 | free(der);
10 | }
11 | DSA_SIG_free(s);
12 |
--------------------------------------------------------------------------------
/src/talos/patch/dso_dlfcn.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/dso/dso_dlfcn.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/dso/dso_dlfcn.c 2017-07-17 11:08:32.213410215 +0100
3 | @@ -100,6 +100,8 @@
4 | .globallookup = dlfcn_globallookup
5 | };
6 |
7 | +extern int my_asprintf(char **strp, const char *fmt, ...);
8 | +
9 | DSO_METHOD *
10 | DSO_METHOD_dlfcn(void)
11 | {
12 |
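Review bot: In dso_dlfcn.c, `extern int my_asprintf(char **strp, const char *fmt, ...);` is declared unconditionally, unlike the `my_strdup`, `my_strndup` and `my_vasprintf` shims elsewhere in this patch set, which fall back to the libc function when `COMPILE_WITH_INTEL_SGX` is not defined. Unless `my_asprintf` is also built for non-SGX targets (not visible here), the two `my_asprintf(&translated, ...)` calls in the following hunk will fail to link there. Wrapping the declaration in the same `#ifdef COMPILE_WITH_INTEL_SGX` / `#else` / `#endif` guard, with `#define my_asprintf(strp, ...) asprintf(strp, __VA_ARGS__)` in the `#else` branch, keeps both builds working.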
@@ -295,9 +297,9 @@
13 | if (strchr(filename, '/') == NULL) {
14 | /* Bare name, so convert to "%s.so" or "lib%s.so" */
15 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
16 | - ret = asprintf(&translated, "lib%s" DSO_ext, filename);
17 | + ret = my_asprintf(&translated, "lib%s" DSO_ext, filename);
18 | else
19 | - ret = asprintf(&translated, "%s" DSO_ext, filename);
20 | + ret = my_asprintf(&translated, "%s" DSO_ext, filename);
21 | if (ret == -1)
22 | translated = NULL;
23 | } else {
24 |
--------------------------------------------------------------------------------
/src/talos/patch/dso_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/dso/dso_lib.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/dso/dso_lib.c 2017-07-17 11:08:32.213410215 +0100
3 | @@ -63,6 +63,12 @@
4 | #include
5 | #include
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +#else
10 | +#define my_strdup(s) strdup(s)
11 | +#endif
12 | +
13 | static DSO_METHOD *default_DSO_meth = NULL;
14 |
15 | DSO *
16 | @@ -355,7 +361,7 @@
17 | return (0);
18 | }
19 | /* We'll duplicate filename */
20 | - copied = strdup(filename);
21 | + copied = my_strdup(filename);
22 | if (copied == NULL) {
23 | DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
24 | return (0);
25 |
@@ -406,7 +412,7 @@
26 | result = dso->meth->dso_name_converter(dso, filename);
27 | }
28 | if (result == NULL) {
29 | - result = strdup(filename);
30 | + result = my_strdup(filename);
31 | if (result == NULL) {
32 | DSOerr(DSO_F_DSO_CONVERT_FILENAME,
33 | ERR_R_MALLOC_FAILURE);
34 |
--------------------------------------------------------------------------------
/src/talos/patch/e_aes_cbc_hmac_sha1.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/e_aes_cbc_hmac_sha1.c 2019-09-04 14:50:24.046778140 +0900
2 | +++ ../talos/./crypto/evp/e_aes_cbc_hmac_sha1.c 2019-09-04 14:49:11.962300342 +0900
3 | @@ -505,7 +505,7 @@
4 | SHA1_Init(&key->tail);
5 | SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
6 |
7 | - explicit_bzero(hmac_key, sizeof(hmac_key));
8 | + bzero(hmac_key, sizeof(hmac_key));
9 |
10 | return 1;
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/e_chacha20poly1305.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/e_chacha20poly1305.c 2019-09-04 14:50:24.046778140 +0900
2 | +++ ../talos/./crypto/evp/e_chacha20poly1305.c 2019-09-04 14:49:11.966300368 +0900
3 | @@ -83,7 +83,7 @@
4 | {
5 | struct aead_chacha20_poly1305_ctx *c20_ctx = ctx->aead_state;
6 |
7 | - explicit_bzero(c20_ctx->key, sizeof(c20_ctx->key));
8 | + bzero(c20_ctx->key, sizeof(c20_ctx->key));
9 | free(c20_ctx);
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/src/talos/patch/e_idea.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/e_idea.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/evp/e_idea.c 2019-09-04 14:49:11.966300368 +0900
3 |
@@ -116,7 +116,7 @@
4 |
5 | idea_set_encrypt_key(key, &tmp);
6 | idea_set_decrypt_key(&tmp, ctx->cipher_data);
7 | - explicit_bzero((unsigned char *)&tmp,
8 | + bzero((unsigned char *)&tmp,
9 | sizeof(IDEA_KEY_SCHEDULE));
10 | }
11 | return 1;
12 |
--------------------------------------------------------------------------------
/src/talos/patch/ec.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/ec.h 2017-03-08 11:15:50.753463919 +0000
2 | +++ ../talos/./include/openssl/ec.h 2017-03-08 11:13:57.495751520 +0000
3 | @@ -193,6 +193,7 @@
4 | /** Frees a EC_GROUP object
5 | * \param group EC_GROUP object to be freed.
6 | */
7 | +void ecall_EC_GROUP_free(EC_GROUP *group);
8 | void EC_GROUP_free(EC_GROUP *group);
9 |
10 | /** Clears and frees a EC_GROUP object
11 | @@ -730,11 +731,13 @@
12 | * \param nid NID of the named curve.
13 | * \return EC_KEY object or NULL if an error occurred.
14 | */
15 | +EC_KEY *ecall_EC_KEY_new_by_curve_name(int nid);
16 | EC_KEY *EC_KEY_new_by_curve_name(int nid);
17 |
18 | /** Frees a EC_KEY object.
19 | * \param key EC_KEY object to be freed.
20 | */
21 | +void ecall_EC_KEY_free(EC_KEY *key);
22 | void EC_KEY_free(EC_KEY *key);
23 |
24 | /** Copies a EC_KEY object.
25 |
--------------------------------------------------------------------------------
/src/talos/patch/ec_key.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ec/ec_key.c 2019-09-04 14:50:24.042778113 +0900
2 | +++ ../talos/./crypto/ec/ec_key.c 2019-09-04 14:49:11.922300076 +0900
3 | @@ -91,6 +91,11 @@
4 | }
5 |
6 | EC_KEY *
7 | +ecall_EC_KEY_new_by_curve_name(int nid) {
8 | + return EC_KEY_new_by_curve_name(nid);
9 | +}
10 | +
11 | +EC_KEY *
12 | EC_KEY_new_by_curve_name(int nid)
13 | {
14 | EC_KEY *ret = EC_KEY_new();
15 |
@@ -105,6 +110,11 @@
16 | }
17 |
18 | void
19 | +ecall_EC_KEY_free(EC_KEY * r) {
20 | + EC_KEY_free(r);
21 | +}
22 | +
23 | +void
24 | EC_KEY_free(EC_KEY * r)
25 | {
26 | int i;
27 | @@ -122,7 +132,7 @@
28 |
29 | EC_EX_DATA_free_all_data(&r->method_data);
30 |
31 | - explicit_bzero((void *) r, sizeof(EC_KEY));
32 | + bzero((void *) r, sizeof(EC_KEY));
33 |
34 | free(r);
35 | }
36 |
--------------------------------------------------------------------------------
/src/talos/patch/ec_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ec/ec_lib.c 2019-09-04 14:50:24.042778113 +0900
2 | +++ ../talos/./crypto/ec/ec_lib.c 2019-09-04 14:49:11.930300130 +0900
3 | @@ -112,8 +112,11 @@
4 | return ret;
5 | }
6 |
7 | -
8 | void
9 | +ecall_EC_GROUP_free(EC_GROUP * group) {
10 | + return EC_GROUP_free(group);
11 | +}
12 | +void
13 | EC_GROUP_free(EC_GROUP * group)
14 | {
15 | if (!group)
16 | @@ -152,10 +155,10 @@
17 | BN_clear_free(&group->cofactor);
18 |
19 | if (group->seed) {
20 | - explicit_bzero(group->seed, group->seed_len);
21 | + bzero(group->seed, group->seed_len);
22 | free(group->seed);
23 | }
24 | - explicit_bzero(group, sizeof *group);
25 | + bzero(group, sizeof *group);
26 | free(group);
27 | }
28 |
29 | @@ -754,7 +757,7 @@
30 | point->meth->point_clear_finish(point);
31 | else if (point->meth->point_finish != 0)
32 | point->meth->point_finish(point);
33 | - explicit_bzero(point, sizeof *point);
34 | + bzero(point, sizeof *point);
35 | free(point);
36 | }
37 |
38 |
--------------------------------------------------------------------------------
/src/talos/patch/ec_mult.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ec/ec_mult.c 2019-09-04 14:50:24.042778113 +0900
2 | +++ ../talos/./crypto/ec/ec_mult.c 2019-09-04 14:49:11.938300182 +0900
3 |
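Review bot: `return EC_GROUP_free(group);` in `ecall_EC_GROUP_free` (ec_lib.c, first hunk) returns an expression from a function declared `void`, which ISO C does not permit; compilers accept it only as an extension or with a diagnostic. The other void wrappers in this patch set, such as `ecall_EC_KEY_free`, call the wrapped function as a plain statement, so use `EC_GROUP_free(group);` here as well. The body of `EC_GROUP_free` continues outside the hunk.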
@@ -173,11 +173,11 @@
4 |
5 | for (p = pre->points; *p != NULL; p++) {
6 | EC_POINT_clear_free(*p);
7 | - explicit_bzero(p, sizeof *p);
8 | + bzero(p, sizeof *p);
9 | }
10 | free(pre->points);
11 | }
12 | - explicit_bzero(pre, sizeof *pre);
13 | + bzero(pre, sizeof *pre);
14 | free(pre);
15 | }
16 |
17 |
--------------------------------------------------------------------------------
/src/talos/patch/ech_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ecdh/ech_lib.c 2019-09-04 14:50:24.046778140 +0900
2 | +++ ../talos/./crypto/ecdh/ech_lib.c 2019-09-04 14:49:11.914300023 +0900
3 | @@ -182,7 +182,7 @@
4 |
5 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
6 |
7 | - explicit_bzero((void *)r, sizeof(ECDH_DATA));
8 | + bzero((void *)r, sizeof(ECDH_DATA));
9 |
10 | free(r);
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/ecs_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ecdsa/ecs_lib.c 2019-09-04 14:50:24.046778140 +0900
2 | +++ ../talos/./crypto/ecdsa/ecs_lib.c 2019-09-04 14:49:11.914300023 +0900
3 | @@ -170,7 +170,7 @@
4 | #endif
5 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
6 |
7 | - explicit_bzero((void *)r, sizeof(ECDSA_DATA));
8 | + bzero((void *)r, sizeof(ECDSA_DATA));
9 |
10 | free(r);
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/ecs_vrf.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ecdsa/ecs_vrf.c 2019-09-04 14:50:24.046778140 +0900
2 | +++ ../talos/./crypto/ecdsa/ecs_vrf.c 2019-09-04 14:49:11.918300050 +0900
3 |
@@ -108,7 +108,7 @@
4 |
5 | err:
6 | if (derlen > 0) {
7 | - explicit_bzero(der, derlen);
8 | + bzero(der, derlen);
9 | free(der);
10 | }
11 | ECDSA_SIG_free(s);
12 |
--------------------------------------------------------------------------------
/src/talos/patch/eng_all.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/engine/eng_all.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/engine/eng_all.c 2017-07-17 11:08:32.229409910 +0100
3 | @@ -62,6 +62,11 @@
4 | #include "eng_int.h"
5 |
6 | void
7 | +ecall_ENGINE_load_builtin_engines(void)
8 | +{
9 | + ENGINE_load_builtin_engines();
10 | +}
11 | +void
12 | ENGINE_load_builtin_engines(void)
13 | {
14 | /* Some ENGINEs need this */
15 |
--------------------------------------------------------------------------------
/src/talos/patch/engine.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/engine.h 2017-03-08 11:15:50.757463839 +0000
2 | +++ ../talos/./include/openssl/engine.h 2017-03-08 11:13:57.503751357 +0000
3 | @@ -322,6 +322,7 @@
4 | #ifndef OPENSSL_NO_STATIC_ENGINE
5 | void ENGINE_load_padlock(void);
6 | #endif
7 | +void ecall_ENGINE_load_builtin_engines(void);
8 | void ENGINE_load_builtin_engines(void);
9 |
10 | /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
11 |
@@ -480,7 +481,9 @@
12 | * with functional references as well as structural references - it depends
13 | * which you obtained. Using the result for functional purposes if you only
14 | * obtained a structural reference may be problematic! */
15 | +const char *ecall_ENGINE_get_id(const ENGINE *e);
16 | const char *ENGINE_get_id(const ENGINE *e);
17 | +const char *ecall_ENGINE_get_name(const ENGINE *e);
18 | const char *ENGINE_get_name(const ENGINE *e);
19 | const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
20 | const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
21 |
--------------------------------------------------------------------------------
/src/talos/patch/err_all.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/err/err_all.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/err/err_all.c 2017-07-17 11:08:32.229409910 +0100
3 | @@ -107,6 +107,10 @@
4 | #endif
5 |
6 | void
7 | +ecall_ERR_load_crypto_strings(void) {
8 | + ERR_load_crypto_strings();
9 | +}
10 | +void
11 | ERR_load_crypto_strings(void)
12 | {
13 | #ifndef OPENSSL_NO_ERR
14 |
--------------------------------------------------------------------------------
/src/talos/patch/evp_enc.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/evp_enc.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/evp/evp_enc.c 2019-09-04 14:49:11.970300394 +0900
3 | @@ -564,7 +564,7 @@
4 | return 0;
5 | /* Cleanse cipher context data */
6 | if (c->cipher_data)
7 | - explicit_bzero(c->cipher_data, c->cipher->ctx_size);
8 | + bzero(c->cipher_data, c->cipher->ctx_size);
9 | }
10 | free(c->cipher_data);
11 | #ifndef OPENSSL_NO_ENGINE
12 |
@@ -573,7 +573,7 @@
13 | * functional reference we held for this reason. */
14 | ENGINE_finish(c->engine);
15 | #endif
16 | - explicit_bzero(c, sizeof(EVP_CIPHER_CTX));
17 | + bzero(c, sizeof(EVP_CIPHER_CTX));
18 | return 1;
19 | }
20 |
21 |
--------------------------------------------------------------------------------
/src/talos/patch/evp_key.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/evp_key.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/evp/evp_key.c 2019-09-04 14:49:11.974300421 +0900
3 | @@ -116,7 +116,7 @@
4 | }
5 | ret = UI_process(ui);
6 | UI_free(ui);
7 | - explicit_bzero(buff, BUFSIZ);
8 | + bzero(buff, BUFSIZ);
9 | return ret;
10 | }
11 |
12 | @@ -201,6 +201,6 @@
13 |
14 | err:
15 | EVP_MD_CTX_cleanup(&c);
16 | - explicit_bzero(md_buf, sizeof md_buf);
17 | + bzero(md_buf, sizeof md_buf);
18 | return rv;
19 | }
20 |
--------------------------------------------------------------------------------
/src/talos/patch/evp_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/evp_lib.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/evp/evp_lib.c 2017-07-17 11:08:32.241409681 +0100
3 | @@ -276,6 +276,12 @@
4 | }
5 |
6 | int
7 | +ecall_EVP_MD_type(const EVP_MD *md)
8 | +{
9 | + return EVP_MD_type(md);
10 | +}
11 | +
12 | +int
13 | EVP_MD_type(const EVP_MD *md)
14 | {
15 | return md->type;
16 |
--------------------------------------------------------------------------------
/src/talos/patch/gcm128.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/modes/gcm128.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/modes/gcm128.c 2019-09-04 14:49:12.074301085 +0900
3 |
@@ -1533,7 +1533,7 @@
4 | void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
5 | {
6 | if (ctx) {
7 | - explicit_bzero(ctx,sizeof(*ctx));
8 | + bzero(ctx,sizeof(*ctx));
9 | free(ctx);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/getentropy_aix.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/compat/getentropy_aix.c 2019-09-04 14:50:24.034778060 +0900
2 | +++ ../talos/./crypto/compat/getentropy_aix.c 2019-09-04 14:49:11.890299864 +0900
3 | @@ -414,8 +414,8 @@
4 | memcpy((char *)buf + i, results, min(sizeof(results), len - i));
5 | i += min(sizeof(results), len - i);
6 | }
7 | - explicit_bzero(&ctx, sizeof ctx);
8 | - explicit_bzero(results, sizeof results);
9 | + bzero(&ctx, sizeof ctx);
10 | + bzero(results, sizeof results);
11 | if (gotdata(buf, len) == 0) {
12 | errno = save_errno;
13 | return (0); /* satisfied */
14 |
--------------------------------------------------------------------------------
/src/talos/patch/getentropy_hpux.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/compat/getentropy_hpux.c 2019-09-04 14:50:24.034778060 +0900
2 | +++ ../talos/./crypto/compat/getentropy_hpux.c 2019-09-04 14:49:11.894299890 +0900
3 |
@@ -408,8 +408,8 @@
4 | memcpy((char *)buf + i, results, min(sizeof(results), len - i));
5 | i += min(sizeof(results), len - i);
6 | }
7 | - explicit_bzero(&ctx, sizeof ctx);
8 | - explicit_bzero(results, sizeof results);
9 | + bzero(&ctx, sizeof ctx);
10 | + bzero(results, sizeof results);
11 | if (gotdata(buf, len) == 0) {
12 | errno = save_errno;
13 | return (0); /* satisfied */
14 |
--------------------------------------------------------------------------------
/src/talos/patch/getentropy_osx.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/compat/getentropy_osx.c 2019-09-04 14:50:24.038778087 +0900
2 | +++ ../talos/./crypto/compat/getentropy_osx.c 2019-09-04 14:49:11.898299917 +0900
3 | @@ -418,8 +418,8 @@
4 | memcpy((char *)buf + i, results, min(sizeof(results), len - i));
5 | i += min(sizeof(results), len - i);
6 | }
7 | - explicit_bzero(&ctx, sizeof ctx);
8 | - explicit_bzero(results, sizeof results);
9 | + bzero(&ctx, sizeof ctx);
10 | + bzero(results, sizeof results);
11 | if (gotdata(buf, len) == 0) {
12 | errno = save_errno;
13 | return (0); /* satisfied */
14 |
--------------------------------------------------------------------------------
/src/talos/patch/getentropy_solaris.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/compat/getentropy_solaris.c 2019-09-04 14:50:24.038778087 +0900
2 | +++ ../talos/./crypto/compat/getentropy_solaris.c 2019-09-04 14:49:11.902299944 +0900
3 |
@@ -434,8 +434,8 @@
4 | memcpy((char *)buf + i, results, min(sizeof(results), len - i));
5 | i += min(sizeof(results), len - i);
6 | }
7 | - explicit_bzero(&ctx, sizeof ctx);
8 | - explicit_bzero(results, sizeof results);
9 | + bzero(&ctx, sizeof ctx);
10 | + bzero(results, sizeof results);
11 | if (gotdata(buf, len) == 0) {
12 | errno = save_errno;
13 | return (0); /* satisfied */
14 |
--------------------------------------------------------------------------------
/src/talos/patch/gost2814789.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/gost/gost2814789.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/gost/gost2814789.c 2019-09-04 14:49:11.986300501 +0900
3 | @@ -464,7 +464,7 @@
4 | Gost2814789_set_key(&c.cipher, key, 256);
5 | GOST2814789IMIT_Update(&c, d, n);
6 | GOST2814789IMIT_Final(md, &c);
7 | - explicit_bzero(&c, sizeof(c));
8 | + bzero(&c, sizeof(c));
9 | return (md);
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/src/talos/patch/gostr341001_key.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/gost/gostr341001_key.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/gost/gostr341001_key.c 2019-09-04 14:49:11.990300528 +0900
3 | @@ -105,7 +105,7 @@
4 | EC_POINT_free(r->pub_key);
5 | BN_clear_free(r->priv_key);
6 |
7 | - explicit_bzero((void *)r, sizeof(GOST_KEY));
8 | + bzero((void *)r, sizeof(GOST_KEY));
9 | free(r);
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/src/talos/patch/gostr341194.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/gost/gostr341194.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/gost/gostr341194.c 2019-09-04 14:49:11.990300528 +0900
3 |
@@ -267,7 +267,7 @@
4 | return 0;
5 | GOSTR341194_Update(&c, d, n);
6 | GOSTR341194_Final(md, &c);
7 | - explicit_bzero(&c, sizeof(c));
8 | + bzero(&c, sizeof(c));
9 | return (md);
10 | }
11 | #endif
12 |
--------------------------------------------------------------------------------
/src/talos/patch/hm_ameth.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/hmac/hm_ameth.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/hmac/hm_ameth.c 2019-09-04 14:49:12.002300607 +0900
3 | @@ -83,7 +83,7 @@
4 |
5 | if (os) {
6 | if (os->data)
7 | - explicit_bzero(os->data, os->length);
8 | + bzero(os->data, os->length);
9 | ASN1_OCTET_STRING_free(os);
10 | }
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/hm_pmeth.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/hmac/hm_pmeth.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/hmac/hm_pmeth.c 2019-09-04 14:49:12.006300634 +0900
3 | @@ -66,6 +66,13 @@
4 |
5 | #include "evp_locl.h"
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +#include "sgx_error.h"
9 | +#include "sgx_trts.h"
10 | +
11 | +extern sgx_status_t ocall_free(void* ptr);
12 | +#endif
13 | +
14 | /* HMAC pkey context structure */
15 |
16 | typedef struct {
17 |
@@ -123,9 +130,18 @@
18 |
19 | HMAC_CTX_cleanup(&hctx->ctx);
20 | if (hctx->ktmp.data) {
21 | - if (hctx->ktmp.length)
22 | - explicit_bzero(hctx->ktmp.data, hctx->ktmp.length);
23 | - free(hctx->ktmp.data);
24 | + if (hctx->ktmp.length) {
25 | + bzero(hctx->ktmp.data, hctx->ktmp.length);
26 | + }
27 | +#ifdef COMPILE_WITH_INTEL_SGX
28 | + if (sgx_is_within_enclave(hctx->ktmp.data, 1)) {
29 | +#endif
30 | + free(hctx->ktmp.data);
31 | +#ifdef COMPILE_WITH_INTEL_SGX
32 | + } else {
33 | + ocall_free(hctx->ktmp.data);
34 | + }
35 | +#endif
36 | hctx->ktmp.data = NULL;
37 | }
38 | free(hctx);
39 |
--------------------------------------------------------------------------------
/src/talos/patch/m_sha1.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/m_sha1.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/evp/m_sha1.c 2017-07-17 11:08:32.237409759 +0100
3 | @@ -110,6 +110,11 @@
4 | };
5 |
6 | const EVP_MD *
7 | +ecall_EVP_sha1(void) {
8 | + return EVP_sha1();
9 | +}
10 | +
11 | +const EVP_MD *
12 | EVP_sha1(void)
13 | {
14 | return (&sha1_md);
15 |
--------------------------------------------------------------------------------
/src/talos/patch/malloc-wrapper.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/malloc-wrapper.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/malloc-wrapper.c 2019-09-04 14:48:01.473832167 +0900
3 | @@ -18,6 +18,10 @@
4 | #include
5 | #include
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char* my_strdup(const char*);
9 | +#endif
10 | +
11 | int
12 | CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
13 | void (*f)(void *))
14 |
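Review bot: In the hm_pmeth.c hunk at -123 the enclave test comes after the wipe and covers only one byte: `bzero(hctx->ktmp.data, hctx->ktmp.length)` writes `ktmp.length` bytes before `sgx_is_within_enclave(hctx->ktmp.data, 1)` decides which allocator owns the buffer. A range whose first byte is inside the enclave but which runs past its boundary passes that check, and a pointer that is not inside is sent to `ocall_free` without confirming it is fully outside. I would test the whole range before touching it, `sgx_is_within_enclave(hctx->ktmp.data, hctx->ktmp.length)` (with a one-byte fallback when the length is 0), take the other branch only when `sgx_is_outside_enclave()` confirms the same range, and check the `sgx_status_t` returned by `ocall_free`, which is discarded here. The wipe is also downgraded from `explicit_bzero` to `bzero` right before the free, so it may be optimised away. The enclosing function starts and ends outside the hunk.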
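Review bot: `my_strdup` is declared ad hoc with `extern char* my_strdup(const char*);` in the malloc-wrapper.c hunk at -18, and again in obj_lib.c and ocsp_lib.c (there with a `#define my_strdup(s) strdup(s)` fallback), instead of coming from one header. Its definition is not on this page, so a reader cannot tell whether the copy lives on the enclave heap or the untrusted heap, and that decides whether `free()` or `ocall_free()` is the right release, as the hm_pmeth.c change shows. I would move the prototype into a shared header and document it there, e.g. `/* returns a copy allocated in <enclave|untrusted> memory; release with <free|ocall_free> */`.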
@@ -140,7 +144,11 @@
15 | char *
16 | CRYPTO_strdup(const char *str, const char *file, int line)
17 | {
18 | +#ifdef COMPILE_WITH_INTEL_SGX
19 | + return my_strdup(str);
20 | +#else
21 | return strdup(str);
22 | +#endif
23 | }
24 |
25 | void *
26 | @@ -165,7 +173,7 @@
27 | ret = malloc(num);
28 | if (ret && ptr && old_len > 0) {
29 | memcpy(ret, ptr, old_len);
30 | - explicit_bzero(ptr, old_len);
31 | + bzero(ptr, old_len);
32 | free(ptr);
33 | }
34 | return ret;
35 |
--------------------------------------------------------------------------------
/src/talos/patch/md32_common.h.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/md32_common.h 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/md32_common.h 2017-07-17 11:08:32.257409376 +0100
3 | @@ -225,7 +225,6 @@
4 | /*
5 | * Time for some action:-)
6 | */
7 | -
8 | int
9 | HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
10 | {
11 | @@ -286,7 +285,6 @@
12 | HASH_BLOCK_DATA_ORDER (c, data, 1);
13 | }
14 |
15 | -
16 | #ifndef HASH_NO_FINAL
17 | int HASH_FINAL (unsigned char *md, HASH_CTX *c)
18 | {
19 |
--------------------------------------------------------------------------------
/src/talos/patch/md4_one.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/md4/md4_one.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/md4/md4_one.c 2019-09-04 14:49:12.062301005 +0900
3 |
@@ -71,7 +71,7 @@
4 | return NULL;
5 | MD4_Update(&c,d,n);
6 | MD4_Final(md,&c);
7 | - explicit_bzero(&c,sizeof(c));
8 | + bzero(&c,sizeof(c));
9 | return(md);
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/src/talos/patch/md5.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/md5.h 2017-03-08 11:15:50.765463676 +0000
2 | +++ ../talos/./include/openssl/md5.h 2017-03-08 11:13:57.515751117 +0000
3 | @@ -94,9 +94,12 @@
4 | unsigned int num;
5 | } MD5_CTX;
6 |
7 | +int ecall_MD5_Init(MD5_CTX *c);
8 | int MD5_Init(MD5_CTX *c);
9 | +int ecall_MD5_Update(MD5_CTX *c, const void *data, size_t len);
10 | int MD5_Update(MD5_CTX *c, const void *data, size_t len)
11 | __attribute__ ((__bounded__(__buffer__,2,3)));
12 | +int ecall_MD5_Final(unsigned char *md, MD5_CTX *c);
13 | int MD5_Final(unsigned char *md, MD5_CTX *c);
14 | unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
15 | __attribute__ ((__bounded__(__buffer__,1,2)));
16 |
--------------------------------------------------------------------------------
/src/talos/patch/md5_dgst.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/md5/md5_dgst.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/md5/md5_dgst.c 2017-07-17 11:08:32.241409681 +0100
3 |
@@ -69,15 +69,26 @@
4 | #define INIT_DATA_C (unsigned long)0x98badcfeL
5 | #define INIT_DATA_D (unsigned long)0x10325476L
6 |
7 | +int ecall_MD5_Init(MD5_CTX *c) {
8 | + return MD5_Init(c);
9 | +}
10 | int MD5_Init(MD5_CTX *c)
11 | - {
12 | +{
13 | memset (c,0,sizeof(*c));
14 | c->A=INIT_DATA_A;
15 | c->B=INIT_DATA_B;
16 | c->C=INIT_DATA_C;
17 | c->D=INIT_DATA_D;
18 | return 1;
19 | - }
20 | +}
21 | +
22 | +int ecall_MD5_Update(MD5_CTX *c, const void *data, size_t len) {
23 | + return MD5_Update(c, data, len);
24 | +}
25 | +
26 | +int ecall_MD5_Final(unsigned char *md, MD5_CTX *c) {
27 | + return MD5_Final(md, c);
28 | +}
29 |
30 | #ifndef md5_block_data_order
31 | #ifdef X
32 |
--------------------------------------------------------------------------------
/src/talos/patch/md5_one.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/md5/md5_one.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/md5/md5_one.c 2019-09-04 14:49:12.066301032 +0900
3 | @@ -71,7 +71,7 @@
4 | return NULL;
5 | MD5_Update(&c,d,n);
6 | MD5_Final(md,&c);
7 | - explicit_bzero(&c,sizeof(c));
8 | + bzero(&c,sizeof(c));
9 | return(md);
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/src/talos/patch/mem_clr.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/mem_clr.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/mem_clr.c 2019-09-04 14:49:12.066301032 +0900
3 |
@@ -7,5 +7,5 @@
4 | void
5 | OPENSSL_cleanse(void *ptr, size_t len)
6 | {
7 | - explicit_bzero(ptr, len);
8 | + bzero(ptr, len);
9 | }
10 |
--------------------------------------------------------------------------------
/src/talos/patch/n_pkey.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/asn1/n_pkey.c 2019-09-04 14:50:24.018777954 +0900
2 | +++ ../talos/./crypto/asn1/n_pkey.c 2019-09-04 14:49:11.842299545 +0900
3 | @@ -281,7 +281,7 @@
4 | i2d_NETSCAPE_PKEY(pkey, &zz);
5 |
6 | /* Wipe the private key encoding */
7 | - explicit_bzero(pkey->private_key->data, rsalen);
8 | + bzero(pkey->private_key->data, rsalen);
9 |
10 | if (cb == NULL)
11 | cb = EVP_read_pw_string;
12 | @@ -301,7 +301,7 @@
13 |
14 | if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
15 | goto err;
16 | - explicit_bzero(buf, sizeof(buf));
17 | + bzero(buf, sizeof(buf));
18 |
19 | /* Encrypt private key in place */
20 | zz = enckey->enckey->digest->data;
21 | @@ -398,7 +398,7 @@
22 |
23 | if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
24 | goto err;
25 | - explicit_bzero(buf, sizeof(buf));
26 | + bzero(buf, sizeof(buf));
27 |
28 | if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
29 | goto err;
30 |
--------------------------------------------------------------------------------
/src/talos/patch/names.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/names.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/evp/names.c 2017-07-17 11:08:32.237409759 +0100
3 | @@ -121,6 +121,10 @@
4 | return (cp);
5 | }
6 |
7 | +EVP_MD *ecall_EVP_get_digestbyname(const char *name) {
8 | + EVP_MD* md = (EVP_MD*)EVP_get_digestbyname(name);
9 | + return md;
10 | +}
11 | const EVP_MD *
12 | EVP_get_digestbyname(const char *name)
13 | {
14 |
@@ -131,6 +135,11 @@
15 | }
16 |
17 | void
18 | +ecall_EVP_cleanup(void)
19 | +{
20 | + EVP_cleanup();
21 | +}
22 | +void
23 | EVP_cleanup(void)
24 | {
25 | OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
26 |
--------------------------------------------------------------------------------
/src/talos/patch/obj_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/objects/obj_lib.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/objects/obj_lib.c 2017-07-17 11:08:32.253409452 +0100
3 | @@ -64,6 +64,12 @@
4 | #include
5 | #include
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +#else
10 | +#define my_strdup(s) strdup(s)
11 | +#endif
12 | +
13 | ASN1_OBJECT *
14 | OBJ_dup(const ASN1_OBJECT *o)
15 | {
16 | @@ -93,14 +99,14 @@
17 | r->nid = o->nid;
18 | r->ln = r->sn = NULL;
19 | if (o->ln != NULL) {
20 | - ln = strdup(o->ln);
21 | + ln = my_strdup(o->ln);
22 | if (ln == NULL)
23 | goto err;
24 | r->ln = ln;
25 | }
26 |
27 | if (o->sn != NULL) {
28 | - sn = strdup(o->sn);
29 | + sn = my_strdup(o->sn);
30 | if (sn == NULL)
31 | goto err;
32 | r->sn = sn;
33 |
--------------------------------------------------------------------------------
/src/talos/patch/objects.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/objects.h 2017-03-08 11:15:50.769463596 +0000
2 | +++ ../talos/./include/openssl/objects.h 2017-03-08 11:13:57.519751035 +0000
3 |
@@ -1002,12 +1002,16 @@
4 | ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o);
5 | ASN1_OBJECT * OBJ_nid2obj(int n);
6 | const char * OBJ_nid2ln(int n);
7 | +char * ecall_OBJ_nid2sn(int n);
8 | const char * OBJ_nid2sn(int n);
9 | +int ecall_OBJ_obj2nid(const ASN1_OBJECT *o);
10 | int OBJ_obj2nid(const ASN1_OBJECT *o);
11 | ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name);
12 | int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
13 | +int ecall_OBJ_txt2nid(const char *s);
14 | int OBJ_txt2nid(const char *s);
15 | int OBJ_ln2nid(const char *s);
16 | +int ecall_OBJ_sn2nid(const char *s);
17 | int OBJ_sn2nid(const char *s);
18 | int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
19 | const void * OBJ_bsearch_(const void *key, const void *base, int num,
20 | @@ -1097,6 +1101,7 @@
21 |
22 | int OBJ_new_nid(int num);
23 | int OBJ_add_object(const ASN1_OBJECT *obj);
24 | +int ecall_OBJ_create(const char *oid, const char *sn, const char *ln);
25 | int OBJ_create(const char *oid, const char *sn, const char *ln);
26 | void OBJ_cleanup(void );
27 | int OBJ_create_objects(BIO *in);
28 |
--------------------------------------------------------------------------------
/src/talos/patch/ocsp_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/ocsp/ocsp_lib.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/ocsp/ocsp_lib.c 2017-07-17 11:08:32.253409452 +0100
3 | @@ -74,6 +74,12 @@
4 | #include
5 | #include
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +#else
10 | +#define my_strdup(s) strdup(s)
11 | +#endif
12 | +
13 | /* Convert a certificate and its issuer to an OCSP_CERTID */
14 |
15 | OCSP_CERTID *
16 | @@ -190,7 +196,7 @@
17 | *ppath = NULL;
18 |
19 | /* dup the buffer since we are going to mess with it */
20 | - buf = url ? strdup(url) : NULL;
21 | + buf = url ? my_strdup(url) : NULL;
22 | if (!buf)
23 | goto mem_err;
24 |
25 |
@@ -221,9 +227,9 @@
26 | /* Check for trailing part of path */
27 | p = strchr(p, '/');
28 | if (!p)
29 | - *ppath = strdup("/");
30 | + *ppath = my_strdup("/");
31 | else {
32 | - *ppath = strdup(p);
33 | + *ppath = my_strdup(p);
34 | /* Set start of path to 0 so hostname is valid */
35 | *p = '\0';
36 | }
37 | @@ -243,11 +249,11 @@
38 | port = "80";
39 | }
40 |
41 | - *pport = strdup(port);
42 | + *pport = my_strdup(port);
43 | if (!*pport)
44 | goto mem_err;
45 |
46 | - *phost = strdup(host);
47 | + *phost = my_strdup(host);
48 |
49 | if (!*phost)
50 | goto mem_err;
51 |
--------------------------------------------------------------------------------
/src/talos/patch/p12_crpt.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pkcs12/p12_crpt.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pkcs12/p12_crpt.c 2019-09-04 14:49:12.102301271 +0900
3 | @@ -112,7 +112,7 @@
4 | }
5 | PBEPARAM_free(pbe);
6 | ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
7 | - explicit_bzero(key, EVP_MAX_KEY_LENGTH);
8 | - explicit_bzero(iv, EVP_MAX_IV_LENGTH);
9 | + bzero(key, EVP_MAX_KEY_LENGTH);
10 | + bzero(iv, EVP_MAX_IV_LENGTH);
11 | return ret;
12 | }
13 |
--------------------------------------------------------------------------------
/src/talos/patch/p12_decr.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pkcs12/p12_decr.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pkcs12/p12_decr.c 2019-09-04 14:49:12.106301297 +0900
3 | @@ -138,7 +138,7 @@
4 | p = out;
5 | ret = ASN1_item_d2i(NULL, &p, outlen, it);
6 | if (zbuf)
7 | - explicit_bzero(out, outlen);
8 | + bzero(out, outlen);
9 | if (!ret)
10 | PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
11 | PKCS12_R_DECODE_ERROR);
12 |
@@ -177,7 +177,7 @@
13 | goto err;
14 | }
15 | if (zbuf)
16 | - explicit_bzero(in, inlen);
17 | + bzero(in, inlen);
18 | free(in);
19 | return oct;
20 |
21 |
--------------------------------------------------------------------------------
/src/talos/patch/p12_key.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pkcs12/p12_key.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pkcs12/p12_key.c 2019-09-04 14:49:12.106301297 +0900
3 | @@ -89,7 +89,7 @@
4 | if (ret <= 0)
5 | return 0;
6 | if (unipass) {
7 | - explicit_bzero(unipass, uniplen);
8 | + bzero(unipass, uniplen);
9 | free(unipass);
10 | }
11 | return ret;
12 |
--------------------------------------------------------------------------------
/src/talos/patch/p5_crpt.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/p5_crpt.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/evp/p5_crpt.c 2019-09-04 14:49:11.978300448 +0900
3 | @@ -147,9 +147,9 @@
4 | EVP_CIPHER_iv_length(cipher));
5 | if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
6 | goto err;
7 | - explicit_bzero(md_tmp, EVP_MAX_MD_SIZE);
8 | - explicit_bzero(key, EVP_MAX_KEY_LENGTH);
9 | - explicit_bzero(iv, EVP_MAX_IV_LENGTH);
10 | + bzero(md_tmp, EVP_MAX_MD_SIZE);
11 | + bzero(key, EVP_MAX_KEY_LENGTH);
12 | + bzero(iv, EVP_MAX_IV_LENGTH);
13 | rv = 1;
14 | err:
15 | EVP_MD_CTX_cleanup(&ctx);
16 |
--------------------------------------------------------------------------------
/src/talos/patch/p5_crpt2.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/p5_crpt2.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/evp/p5_crpt2.c 2019-09-04 14:49:11.978300448 +0900
3 |
@@ -300,7 +300,7 @@
4 | rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
5 |
6 | err:
7 | - explicit_bzero(key, keylen);
8 | + bzero(key, keylen);
9 | PBKDF2PARAM_free(kdf);
10 | return rv;
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/p8_pkey.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/asn1/p8_pkey.c 2019-09-04 14:50:24.018777954 +0900
2 | +++ ../talos/./crypto/asn1/p8_pkey.c 2019-09-04 14:49:11.846299572 +0900
3 | @@ -72,7 +72,7 @@
4 | if (key->pkey != NULL &&
5 | key->pkey->type == V_ASN1_OCTET_STRING &&
6 | key->pkey->value.octet_string != NULL)
7 | - explicit_bzero(key->pkey->value.octet_string->data,
8 | + bzero(key->pkey->value.octet_string->data,
9 | key->pkey->value.octet_string->length);
10 | }
11 | return 1;
12 |
--------------------------------------------------------------------------------
/src/talos/patch/p_lib.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/p_lib.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/evp/p_lib.c 2017-07-17 11:08:32.237409759 +0100
3 | @@ -85,6 +85,10 @@
4 | static void EVP_PKEY_free_it(EVP_PKEY *x);
5 |
6 | int
7 | +ecall_EVP_PKEY_bits(EVP_PKEY *pkey) {
8 | + return EVP_PKEY_bits(pkey);
9 | +}
10 | +int
11 | EVP_PKEY_bits(EVP_PKEY *pkey)
12 | {
13 | if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
14 | @@ -371,6 +375,12 @@
15 | }
16 | #endif
17 |
18 | +
19 | +int
20 | +ecall_EVP_PKEY_type(int type)
21 | +{
22 | +return EVP_PKEY_type(type);
23 | +}
24 | int
25 | EVP_PKEY_type(int type)
26 | {
27 |
@@ -402,6 +412,10 @@
28 | }
29 |
30 | void
31 | +ecall_EVP_PKEY_free(EVP_PKEY *x) {
32 | + EVP_PKEY_free(x);
33 | +}
34 | +void
35 | EVP_PKEY_free(EVP_PKEY *x)
36 | {
37 | int i;
38 |
--------------------------------------------------------------------------------
/src/talos/patch/p_open.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/evp/p_open.c 2019-09-04 14:50:24.050778166 +0900
2 | +++ ../talos/./crypto/evp/p_open.c 2019-09-04 14:49:11.982300474 +0900
3 | @@ -110,7 +110,7 @@
4 |
5 | err:
6 | if (key != NULL)
7 | - explicit_bzero(key, size);
8 | + bzero(key, size);
9 | free(key);
10 | return (ret);
11 | }
12 |
--------------------------------------------------------------------------------
/src/talos/patch/pem.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/pem.h 2017-03-08 11:15:50.773463515 +0000
2 | +++ ../talos/./include/openssl/pem.h 2017-03-08 11:13:57.523750953 +0000
3 | @@ -405,6 +405,9 @@
4 | long len);
5 | void * PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
6 | pem_password_cb *cb, void *u);
7 | +int ecall_PEM_ASN1_write(i2d_of_void *i2d, const char *name, void *fp,
8 | + void *x, const EVP_CIPHER *enc, unsigned char *kstr,
9 | + int klen, pem_password_cb *callback, void *u);
10 | int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
11 | void *x, const EVP_CIPHER *enc, unsigned char *kstr,
12 | int klen, pem_password_cb *callback, void *u);
13 | @@ -431,8 +434,12 @@
14 |
15 | DECLARE_PEM_rw(X509, X509)
16 |
17 | +X509 *ecall_PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u);
18 | +
19 | DECLARE_PEM_rw(X509_AUX, X509)
20 |
21 | +X509 *ecall_PEM_read_bio_X509_AUX(BIO *bp, X509 **x, void *cb, void *u);
22 | +
23 | DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
24 |
25 | DECLARE_PEM_rw(X509_REQ, X509_REQ)
26 |
@@ -468,6 +475,7 @@
27 | #endif
28 |
29 | #ifndef OPENSSL_NO_EC
30 | +EC_GROUP *ecall_PEM_read_bio_ECPKParameters(BIO *bp, EC_GROUP **x, void *func, void *u);
31 | DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
32 | DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
33 | DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
34 | @@ -475,6 +483,7 @@
35 |
36 | #ifndef OPENSSL_NO_DH
37 |
38 | +DH *ecall_PEM_read_bio_DHparams(BIO *bp, DH **x, void* cb, void *u);
39 | DECLARE_PEM_rw_const(DHparams, DH)
40 |
41 | #endif
42 |
--------------------------------------------------------------------------------
/src/talos/patch/pem_info.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pem_info.c 2019-09-04 14:50:24.054778193 +0900
2 | +++ ../talos/./crypto/pem/pem_info.c 2019-09-04 14:49:12.078301111 +0900
3 | @@ -400,7 +400,7 @@
4 | ret = 1;
5 |
6 | err:
7 | - explicit_bzero((char *)&ctx, sizeof(ctx));
8 | - explicit_bzero(buf, PEM_BUFSIZE);
9 | + bzero((char *)&ctx, sizeof(ctx));
10 | + bzero(buf, PEM_BUFSIZE);
11 | return (ret);
12 | }
13 |
--------------------------------------------------------------------------------
/src/talos/patch/pem_pk8.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pem_pk8.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pem/pem_pk8.c 2019-09-04 14:49:12.090301191 +0900
3 |
@@ -136,7 +136,7 @@
4 | }
5 | p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
6 | if (kstr == buf)
7 | - explicit_bzero(buf, klen);
8 | + bzero(buf, klen);
9 | PKCS8_PRIV_KEY_INFO_free(p8inf);
10 | if (isder)
11 | ret = i2d_PKCS8_bio(bp, p8);
12 |
--------------------------------------------------------------------------------
/src/talos/patch/pem_pkey.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pem_pkey.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pem/pem_pkey.c 2019-09-04 14:49:12.090301191 +0900
3 | @@ -75,8 +75,33 @@
4 |
5 | #include "asn1_locl.h"
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +#include "enclaveshim_ocalls.h"
9 | +#endif
10 | +
11 | int pem_check_suffix(const char *pem_str, const char *suffix);
12 |
13 | +#ifdef COMPILE_WITH_INTEL_SGX
14 | +pem_password_cb* pem_read_bio_privatekey_cb_address = NULL;
15 | +
16 | +int pem_read_bio_privatekey_fake_cb(char *buf, int size, int rwflag, void *userdata) {
17 | + if (pem_read_bio_privatekey_cb_address) {
18 | + my_fprintf(0, "need to call pem_read_bio_privatekey_cb_address\n");
19 | + }
20 | + return 0;
21 | +}
22 | +#endif
23 | +
24 | +EVP_PKEY* ecall_PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, void* cb, void *u) {
25 | +#ifdef COMPILE_WITH_INTEL_SGX
26 | + pem_read_bio_privatekey_cb_address = (pem_password_cb*)cb;
27 | + pem_password_cb* callback = pem_read_bio_privatekey_fake_cb;
28 | +#else
29 | + pem_password_cb* callback = (pem_password_cb*)cb;
30 | +#endif
31 | + return PEM_read_bio_PrivateKey(bp, x, callback, u);
32 | +}
33 | +
34 | EVP_PKEY *
35 | PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
36 | {
37 |
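Review bot: In the pem_pkey.c hunk at -75 the SGX build swaps the caller's password callback for `pem_read_bio_privatekey_fake_cb`, which only logs and returns 0, so any passphrase-protected key fails to load with nothing but a log line to explain it; that limitation deserves a comment at the stub. The original callback is parked in the writable global `pem_read_bio_privatekey_cb_address`, which is not `static` and is overwritten by every call, so two concurrent `ecall_PEM_read_bio_PrivateKey` calls can see each other's value. I would declare both the global and the stub `static` and state in a comment that the stored pointer comes from the untrusted side and must never be called from inside the enclave. `PEM_read_bio_PrivateKey` continues past the end of the hunk.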
@@ -144,7 +169,7 @@
38 | PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
39 | err:
40 | free(nm);
41 | - explicit_bzero(data, len);
42 | + bzero(data, len);
43 | free(data);
44 | return (ret);
45 | }
46 |
--------------------------------------------------------------------------------
/src/talos/patch/pem_seal.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pem_seal.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pem/pem_seal.c 2019-09-04 14:49:12.094301217 +0900
3 | @@ -117,7 +117,7 @@
4 |
5 | err:
6 | free(s);
7 | - explicit_bzero(key, EVP_MAX_KEY_LENGTH);
8 | + bzero(key, EVP_MAX_KEY_LENGTH);
9 | return (ret);
10 | }
11 |
12 |
--------------------------------------------------------------------------------
/src/talos/patch/pem_x509.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pem_x509.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/pem/pem_x509.c 2017-07-17 11:08:32.253409452 +0100
3 | @@ -65,3 +65,7 @@
4 | #include
5 |
6 | IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
7 | +
8 | +X509 *ecall_PEM_read_bio_X509(BIO *bp, X509 **x, void *cb, void *u) {
9 | + return PEM_read_bio_X509(bp, x, (pem_password_cb*)cb, u);
10 | +}
11 |
--------------------------------------------------------------------------------
/src/talos/patch/pem_xaux.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pem_xaux.c 2017-11-28 10:46:51.996404519 +0000
2 | +++ ../talos/./crypto/pem/pem_xaux.c 2017-07-17 11:08:32.257409376 +0100
3 |
@@ -67,3 +67,9 @@
4 | IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
5 | IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
6 | X509_CERT_PAIR)
7 | +
8 | +
9 | +X509 *ecall_PEM_read_bio_X509_AUX(BIO *bp, X509 **x, void *cb, void *u)
10 | +{
11 | + return PEM_read_bio_X509_AUX(bp, x, (pem_password_cb*)cb, u);
12 | +}
13 |
--------------------------------------------------------------------------------
/src/talos/patch/pk7_doit.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pkcs7/pk7_doit.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pkcs7/pk7_doit.c 2019-09-04 14:49:12.114301350 +0900
3 | @@ -233,7 +233,7 @@
4 | ret = 1;
5 |
6 | if (*pek) {
7 | - explicit_bzero(*pek, *peklen);
8 | + bzero(*pek, *peklen);
9 | free(*pek);
10 | }
11 |
12 | @@ -371,7 +371,7 @@
13 | if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
14 | goto err;
15 | }
16 | - explicit_bzero(key, keylen);
17 | + bzero(key, keylen);
18 |
19 | if (out == NULL)
20 | out = btmp;
21 | @@ -588,7 +588,7 @@
22 | */
23 | if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
24 | /* Use random key as MMA defence */
25 | - explicit_bzero(ek, eklen);
26 | + bzero(ek, eklen);
27 | free(ek);
28 | ek = tkey;
29 | eklen = tkeylen;
30 | @@ -601,12 +601,12 @@
31 | goto err;
32 |
33 | if (ek) {
34 | - explicit_bzero(ek, eklen);
35 | + bzero(ek, eklen);
36 | free(ek);
37 | ek = NULL;
38 | }
39 | if (tkey) {
40 | - explicit_bzero(tkey, tkeylen);
41 | + bzero(tkey, tkeylen);
42 | free(tkey);
43 | tkey = NULL;
44 | }
45 |
@@ -635,11 +635,11 @@
46 | if (0) {
47 | err:
48 | if (ek) {
49 | - explicit_bzero(ek, eklen);
50 | + bzero(ek, eklen);
51 | free(ek);
52 | }
53 | if (tkey) {
54 | - explicit_bzero(tkey, tkeylen);
55 | + bzero(tkey, tkeylen);
56 | free(tkey);
57 | }
58 | if (out != NULL)
59 |
--------------------------------------------------------------------------------
/src/talos/patch/pvkfmt.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/pem/pvkfmt.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/pem/pvkfmt.c 2019-09-04 14:49:12.102301271 +0900
3 | @@ -773,7 +773,7 @@
4 | if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
5 | NULL))
6 | goto err;
7 | - explicit_bzero(keybuf, 20);
8 | + bzero(keybuf, 20);
9 | if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
10 | goto err;
11 | if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
12 | @@ -785,7 +785,7 @@
13 | goto err;
14 | }
15 | } else
16 | - explicit_bzero(keybuf, 20);
17 | + bzero(keybuf, 20);
18 | p = enctmp;
19 | }
20 |
21 | @@ -831,7 +831,7 @@
22 |
23 | err:
24 | if (buf) {
25 | - explicit_bzero(buf, buflen);
26 | + bzero(buf, buflen);
27 | free(buf);
28 | }
29 | return ret;
30 | @@ -902,7 +902,7 @@
31 | p = salt + PVK_SALTLEN + 8;
32 | if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
33 | goto error;
34 | - explicit_bzero(keybuf, 20);
35 | + bzero(keybuf, 20);
36 | if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
37 | goto error;
38 | if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
39 |
--------------------------------------------------------------------------------
/src/talos/patch/randfile.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/rand/randfile.c 2019-09-04 14:50:24.058778219 +0900
2 | +++ ../talos/./crypto/rand/randfile.c 2019-09-04 14:49:12.118301377 +0900
3 |
@@ -130,7 +130,7 @@ 4 | } 5 | 6 | fclose(out); 7 | - explicit_bzero(buf, BUFSIZE); 8 | + bzero(buf, BUFSIZE); 9 | return ret; 10 | } 11 | 12 | -------------------------------------------------------------------------------- /src/talos/patch/rmd_one.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/ripemd/rmd_one.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/ripemd/rmd_one.c 2019-09-04 14:49:12.118301377 +0900 3 | @@ -72,7 +72,7 @@ 4 | return NULL; 5 | RIPEMD160_Update(&c,d,n); 6 | RIPEMD160_Final(md,&c); 7 | - explicit_bzero(&c,sizeof(c)); 8 | + bzero(&c,sizeof(c)); 9 | return(md); 10 | } 11 | 12 | -------------------------------------------------------------------------------- /src/talos/patch/rsa_eay.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/rsa/rsa_eay.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/rsa/rsa_eay.c 2019-09-04 14:49:12.126301429 +0900 3 | @@ -243,7 +243,7 @@ 4 | BN_CTX_free(ctx); 5 | } 6 | if (buf != NULL) { 7 | - explicit_bzero(buf, num); 8 | + bzero(buf, num); 9 | free(buf); 10 | } 11 | return r; 12 | @@ -473,7 +473,7 @@ 13 | BN_CTX_free(ctx); 14 | } 15 | if (buf != NULL) { 16 | - explicit_bzero(buf, num); 17 | + bzero(buf, num); 18 | free(buf); 19 | } 20 | return r; 21 | @@ -608,7 +608,7 @@ 22 | BN_CTX_free(ctx); 23 | } 24 | if (buf != NULL) { 25 | - explicit_bzero(buf, num); 26 | + bzero(buf, num); 27 | free(buf); 28 | } 29 | return r; 30 | 
@@ -713,7 +713,7 @@ 31 | BN_CTX_free(ctx); 32 | } 33 | if (buf != NULL) { 34 | - explicit_bzero(buf, num); 35 | + bzero(buf, num); 36 | free(buf); 37 | } 38 | return r; 39 | -------------------------------------------------------------------------------- /src/talos/patch/rsa_saos.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/rsa/rsa_saos.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/rsa/rsa_saos.c 2019-09-04 14:49:12.126301429 +0900 3 | @@ -97,7 +97,7 @@ 4 | else 5 | *siglen = i; 6 | 7 | - explicit_bzero(s, (unsigned int)j + 1); 8 | + bzero(s, (unsigned int)j + 1); 9 | free(s); 10 | return ret; 11 | } 12 | @@ -142,7 +142,7 @@ 13 | err: 14 | ASN1_OCTET_STRING_free(sig); 15 | if (s != NULL) { 16 | - explicit_bzero(s, (unsigned int)siglen); 17 | + bzero(s, (unsigned int)siglen); 18 | free(s); 19 | } 20 | return ret; 21 | -------------------------------------------------------------------------------- /src/talos/patch/rsa_sign.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/rsa/rsa_sign.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/rsa/rsa_sign.c 2019-09-04 14:49:12.130301456 +0900 3 | @@ -137,7 +137,7 @@ 4 | *siglen = i; 5 | 6 | if (type != NID_md5_sha1) { 7 | - explicit_bzero(tmps, (unsigned int)j + 1); 8 | + bzero(tmps, (unsigned int)j + 1); 9 | free(tmps); 10 | } 11 | return (ret); 12 | 
@@ -237,7 +237,7 @@ 13 | if (sig != NULL) 14 | X509_SIG_free(sig); 15 | if (s != NULL) { 16 | - explicit_bzero(s, (unsigned int)siglen); 17 | + bzero(s, (unsigned int)siglen); 18 | free(s); 19 | } 20 | return ret; 21 | -------------------------------------------------------------------------------- /src/talos/patch/s3_clnt.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/s3_clnt.c 2019-09-04 14:50:24.070778299 +0900 2 | +++ ../talos/./ssl/s3_clnt.c 2019-09-04 14:49:18.646344685 +0900 3 | @@ -1899,7 +1899,7 @@ 4 | ret = 1; 5 | 6 | err: 7 | - explicit_bzero(tmp_buf, sizeof(tmp_buf)); 8 | + bzero(tmp_buf, sizeof(tmp_buf)); 9 | EVP_PKEY_free(pkey); 10 | 11 | return (ret); 12 | @@ -1961,7 +1961,7 @@ 13 | err: 14 | DH_free(dh_clnt); 15 | if (key != NULL) 16 | - explicit_bzero(key, key_size); 17 | + bzero(key, key_size); 18 | free(key); 19 | 20 | return (ret); 21 | @@ -2087,7 +2087,7 @@ 22 | 23 | err: 24 | if (key != NULL) 25 | - explicit_bzero(key, key_size); 26 | + bzero(key, key_size); 27 | free(key); 28 | 29 | BN_CTX_free(bn_ctx); 30 | @@ -2209,7 +2209,7 @@ 31 | ret = 1; 32 | 33 | err: 34 | - explicit_bzero(premaster_secret, sizeof(premaster_secret)); 35 | + bzero(premaster_secret, sizeof(premaster_secret)); 36 | EVP_PKEY_free(pub_key); 37 | 38 | return (ret); 39 | -------------------------------------------------------------------------------- /src/talos/patch/s3_srvr.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/s3_srvr.c 2019-09-04 14:50:24.074778325 +0900 2 | +++ ../talos/./ssl/s3_srvr.c 2019-09-04 14:49:18.690344977 +0900 3 | @@ -1707,7 +1707,7 @@ 4 | s->method->ssl3_enc->generate_master_secret(s, 5 | s->session->master_key, 6 | p, i); 7 | - explicit_bzero(p, i); 8 | + bzero(p, i); 9 | } else if (alg_k & SSL_kDHE) { 10 | if (2 > n) 11 | goto truncated; 12 | 
@@ -1758,7 +1758,7 @@ 13 | s->session->master_key_length = 14 | s->method->ssl3_enc->generate_master_secret( 15 | s, s->session->master_key, p, i); 16 | - explicit_bzero(p, i); 17 | + bzero(p, i); 18 | } else 19 | 20 | if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { 21 | @@ -1902,7 +1902,7 @@ 22 | s->session->master_key_length = s->method->ssl3_enc-> \ 23 | generate_master_secret(s, s->session->master_key, p, i); 24 | 25 | - explicit_bzero(p, i); 26 | + bzero(p, i); 27 | return (ret); 28 | } else 29 | if (alg_k & SSL_kGOST) { 30 | -------------------------------------------------------------------------------- /src/talos/patch/sha1_one.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/sha/sha1_one.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/sha/sha1_one.c 2019-09-04 14:49:12.134301483 +0900 3 | @@ -75,7 +75,7 @@ 4 | return NULL; 5 | SHA1_Update(&c,d,n); 6 | SHA1_Final(md,&c); 7 | - explicit_bzero(&c,sizeof(c)); 8 | + bzero(&c,sizeof(c)); 9 | return(md); 10 | } 11 | #endif 12 | -------------------------------------------------------------------------------- /src/talos/patch/sha256.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/sha/sha256.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/sha/sha256.c 2019-09-04 14:49:12.134301483 +0900 3 | @@ -49,7 +49,7 @@ 4 | SHA224_Init(&c); 5 | SHA256_Update(&c,d,n); 6 | SHA256_Final(md,&c); 7 | - explicit_bzero(&c,sizeof(c)); 8 | + bzero(&c,sizeof(c)); 9 | return(md); 10 | } 11 | 12 | 
@@ -62,7 +62,7 @@ 13 | SHA256_Init(&c); 14 | SHA256_Update(&c,d,n); 15 | SHA256_Final(md,&c); 16 | - explicit_bzero(&c,sizeof(c)); 17 | + bzero(&c,sizeof(c)); 18 | return(md); 19 | } 20 | 21 | -------------------------------------------------------------------------------- /src/talos/patch/sha512.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/sha/sha512.c 2019-09-04 14:50:24.058778219 +0900 2 | +++ ../talos/./crypto/sha/sha512.c 2019-09-04 14:49:12.138301509 +0900 3 | @@ -248,7 +248,7 @@ 4 | SHA384_Init(&c); 5 | SHA512_Update(&c,d,n); 6 | SHA512_Final(md,&c); 7 | - explicit_bzero(&c,sizeof(c)); 8 | + bzero(&c,sizeof(c)); 9 | return(md); 10 | } 11 | 12 | @@ -261,7 +261,7 @@ 13 | SHA512_Init(&c); 14 | SHA512_Update(&c,d,n); 15 | SHA512_Final(md,&c); 16 | - explicit_bzero(&c,sizeof(c)); 17 | + bzero(&c,sizeof(c)); 18 | return(md); 19 | } 20 | 21 | -------------------------------------------------------------------------------- /src/talos/patch/ssl_algs.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/ssl_algs.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/ssl_algs.c 2017-07-17 11:08:26.857512440 +0100 3 | @@ -64,6 +64,10 @@ 4 | #include "ssl_locl.h" 5 | 6 | int 7 | +ecall_SSL_library_init(void) { 8 | + return SSL_library_init(); 9 | +} 10 | +int 11 | SSL_library_init(void) 12 | { 13 | 14 | -------------------------------------------------------------------------------- /src/talos/patch/ssl_cert.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/ssl_cert.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/ssl_cert.c 2017-07-17 11:08:26.857512440 +0100 3 | 
@@ -130,6 +130,12 @@ 4 | 5 | #include "ssl_locl.h" 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern int my_asprintf(char **strp, const char *fmt, ...); 9 | +#else 10 | +#define my_asprintf(strp, fmt, ...) asprintf(strp, fmt, __VA_ARGS__) 11 | +#endif 12 | + 13 | int 14 | SSL_get_ex_data_X509_STORE_CTX_idx(void) 15 | { 16 | @@ -493,10 +499,14 @@ 17 | set_client_CA_list(&(ctx->client_CA), name_list); 18 | } 19 | 20 | -STACK_OF(X509_NAME) * 21 | +void* 22 | +ecall_SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) { 23 | + return SSL_CTX_get_client_CA_list(ctx); 24 | +} 25 | +void* 26 | SSL_CTX_get_client_CA_list(const SSL_CTX *ctx) 27 | { 28 | - return (ctx->client_CA); 29 | + return (void*)(ctx->client_CA); 30 | } 31 | 32 | STACK_OF(X509_NAME) * 33 | @@ -703,7 +713,7 @@ 34 | if (dirp) { 35 | struct dirent *dp; 36 | while ((dp = readdir(dirp)) != NULL) { 37 | - if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) { 38 | + if (my_asprintf(&path, "%s/%s", dir, dp->d_name) != -1) { 39 | ret = SSL_add_file_cert_subjects_to_stack( 40 | stack, path); 41 | free(path); 42 | -------------------------------------------------------------------------------- /src/talos/patch/ssl_err2.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/ssl_err2.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/ssl_err2.c 2017-07-17 11:08:26.857512440 +0100 3 | @@ -62,6 +62,10 @@ 4 | #include 5 | 6 | void 7 | +ecall_SSL_load_error_strings(void) { 8 | + SSL_load_error_strings(); 9 | +} 10 | +void 11 | SSL_load_error_strings(void) 12 | { 13 | #ifndef OPENSSL_NO_ERR 14 | -------------------------------------------------------------------------------- /src/talos/patch/ssl_locl.h.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/ssl_locl.h 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/ssl_locl.h 2017-07-17 11:08:26.857512440 +0100 3 | 
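Review bot: Changing the return type of `SSL_CTX_get_client_CA_list` itself to `void*` removes type checking for every existing caller and will conflict with the public prototype unless ssl.h is patched to match, which this hunk does not show. Only the boundary wrapper needs the opaque type: keep `STACK_OF(X509_NAME) *` and `return (ctx->client_CA);` on the original function and let the wrapper do `return (void *)SSL_CTX_get_client_CA_list(ctx);`. The wrapper also hands an enclave-internal address to the caller; a comment stating that the value is an opaque handle to be passed back to `ecall_sk_num`/`ecall_sk_value` and never dereferenced outside would make that contract explicit.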
@@ -595,6 +595,7 @@ 4 | int ssl_verify_alarm_type(long type); 5 | void ssl_load_ciphers(void); 6 | 7 | +SSL_CIPHER * ecall_ssl3_get_cipher_name_by_char(const unsigned char* p, char* cipher_name); 8 | const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); 9 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); 10 | int ssl3_send_server_certificate(SSL *s); 11 | @@ -844,4 +845,9 @@ 12 | size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret, 13 | unsigned mac_secret_length, char is_sslv3); 14 | 15 | +/* ssl_lib.c */ 16 | +#ifdef COMPILE_WITH_INTEL_SGX 17 | +void ssl_ctx_info_fake_cb(const SSL *ssl, int type, int val); 18 | +#endif 19 | + 20 | #endif 21 | -------------------------------------------------------------------------------- /src/talos/patch/ssl_stat.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/ssl_stat.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/ssl_stat.c 2017-07-17 11:08:26.857512440 +0100 3 | 
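Review bot: The new prototype `ecall_ssl3_get_cipher_name_by_char(const unsigned char* p, char* cipher_name)` takes an output buffer with no capacity, so the implementation (not visible in this hunk) cannot bound its copy and callers cannot tell how much room to provide. Passing the size, e.g. `..., char *cipher_name, size_t cipher_name_len);`, lets the callee truncate safely. It also returns a non-const `SSL_CIPHER *` where `ssl3_get_cipher_by_char` on the next line returns `const SSL_CIPHER *`; keeping the qualifier avoids handing out a writable pointer into the cipher table.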
@@ -86,6 +86,30 @@ 4 | 5 | #include "ssl_locl.h" 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +#include "sgx_error.h" 9 | + 10 | +extern sgx_status_t ocall_malloc(void** retval, size_t size); 11 | + 12 | +char* SSL_state_string_long_buffer = NULL; 13 | +#endif 14 | + 15 | +char* 16 | +ecall_SSL_state_string_long(const SSL *s) 17 | +{ 18 | + char* ret = (char*) SSL_state_string_long(s); 19 | +#ifdef COMPILE_WITH_INTEL_SGX 20 | + if (!SSL_state_string_long_buffer) { 21 | + ocall_malloc((void*)&SSL_state_string_long_buffer, 8192); 22 | + } 23 | + size_t sz = strlen(ret); 24 | + memcpy(SSL_state_string_long_buffer, ret, sz); 25 | + SSL_state_string_long_buffer[sz] = '\0'; 26 | + ret = SSL_state_string_long_buffer; 27 | +#endif 28 | + return ret; 29 | +} 30 | + 31 | const char * 32 | SSL_state_string_long(const SSL *s) 33 | { 34 | -------------------------------------------------------------------------------- /src/talos/patch/stack.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/stack/stack.c 2017-11-28 10:46:51.996404519 +0000 2 | +++ ../talos/./crypto/stack/stack.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -106,6 +106,10 @@ 4 | return (NULL); 5 | } 6 | 7 | +void* 8 | +ecall_sk_new_null(void) { 9 | + return (void*)sk_new_null(); 10 | +} 11 | _STACK * 12 | sk_new_null(void) 13 | { 14 | 
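Review bot: `ecall_SSL_state_string_long` ignores the status of `ocall_malloc` and then does `memcpy` into `SSL_state_string_long_buffer` without checking that the pointer is non-NULL and really lies outside the enclave, so a failed or dishonest ocall makes the enclave write through a NULL or enclave-internal address. The copy length `sz` is also never compared with the 8192-byte allocation. Check the ocall result and the address range before storing the pointer and clamp `sz`, as sketched below; `sgx_is_outside_enclave` needs `sgx_trts.h`, which this hunk does not include. The buffer is a single non-static global shared by all threads, which should at least be stated in a comment.

```c
#ifdef COMPILE_WITH_INTEL_SGX
	if (!SSL_state_string_long_buffer) {
		void *outside = NULL;

		/* The host chooses this address: accept it only if the call
		 * succeeded and the whole range is outside the enclave. */
		if (ocall_malloc(&outside, 8192) != SGX_SUCCESS ||
		    outside == NULL || !sgx_is_outside_enclave(outside, 8192))
			return NULL;
		SSL_state_string_long_buffer = outside;
	}
	size_t sz = strlen(ret);
	if (sz > 8192 - 1)
		sz = 8192 - 1;
	/* … unchanged: memcpy, terminator, ret = SSL_state_string_long_buffer … */
#endif
```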
@@ -269,6 +273,27 @@ 15 | st->num = 0; 16 | } 17 | 18 | +#ifdef COMPILE_WITH_INTEL_SGX 19 | +extern void ocall_sk_pop_free_cb_wrapper(void* data, void* cb); 20 | + 21 | +static void* sk_pop_free_cb_addr = NULL; 22 | +void sk_pop_free_fake_cb(void* data) { 23 | + if (sk_pop_free_cb_addr) { 24 | + ocall_sk_pop_free_cb_wrapper(data, sk_pop_free_cb_addr); 25 | + } 26 | +} 27 | +#endif 28 | + 29 | +void 30 | +ecall_sk_pop_free(void *st, void* cb) 31 | +{ 32 | +#ifdef COMPILE_WITH_INTEL_SGX 33 | + sk_pop_free_cb_addr = cb; 34 | + sk_pop_free((_STACK*)st, (void (*)(void *))sk_pop_free_fake_cb); 35 | +#else 36 | + sk_pop_free((_STACK*)st, (void (*)(void *))cb); 37 | +#endif 38 | +} 39 | void 40 | sk_pop_free(_STACK *st, void (*func)(void *)) 41 | { 42 | @@ -292,6 +317,11 @@ 43 | } 44 | 45 | int 46 | +ecall_sk_num(const void *st) { 47 | + return sk_num((const _STACK*)st); 48 | +} 49 | + 50 | +int 51 | sk_num(const _STACK *st) 52 | { 53 | if (st == NULL) 54 | @@ -300,6 +330,11 @@ 55 | } 56 | 57 | void * 58 | +ecall_sk_value(const void *st, int i) 59 | +{ 60 | + return sk_value(st, i); 61 | +} 62 | +void * 63 | sk_value(const _STACK *st, int i) 64 | { 65 | if (!st || (i < 0) || (i >= st->num)) 66 | -------------------------------------------------------------------------------- /src/talos/patch/stack.h.patch: -------------------------------------------------------------------------------- 1 | --- ./include/openssl/stack.h 2017-03-08 11:15:50.777463435 +0000 2 | +++ ../talos/./include/openssl/stack.h 2017-03-08 11:13:57.535750713 +0000 3 | 
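Review bot: `ecall_sk_pop_free` casts the caller's `st` to `_STACK *` and passes it to `sk_pop_free` without checking where it points, so in the SGX build the enclave walks and frees whatever structure the untrusted side names; `ecall_sk_num` and `ecall_sk_value` in the later hunks dereference `st` the same way. A guard such as `if (!sgx_is_within_enclave(st, sizeof(_STACK))) return;` before the call would confine it to enclave memory, as tasn_fre.c.patch and v3_bcons.c.patch already do for their pointers, though it does not prove the object is a live `_STACK`. Separately, `sk_pop_free_cb_addr` is one static slot that is never reset, so two threads inside this ecall at once can run each other's callback; if single-threaded use is assumed, say so in a comment above the variable.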
@@ -75,14 +75,18 @@ 4 | #define M_sk_num(sk) ((sk) ? (sk)->num:-1) 5 | #define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) 6 | 7 | +int ecall_sk_num(const void *); 8 | int sk_num(const _STACK *); 9 | +void *ecall_sk_value(const void *, int); 10 | void *sk_value(const _STACK *, int); 11 | 12 | void *sk_set(_STACK *, int, void *); 13 | 14 | _STACK *sk_new(int (*cmp)(const void *, const void *)); 15 | +void* ecall_sk_new_null(void); 16 | _STACK *sk_new_null(void); 17 | void sk_free(_STACK *); 18 | +void ecall_sk_pop_free(void* st, void* cb); 19 | void sk_pop_free(_STACK *st, void (*func)(void *)); 20 | int sk_insert(_STACK *sk, void *data, int where); 21 | void *sk_delete(_STACK *st, int loc); 22 | -------------------------------------------------------------------------------- /src/talos/patch/str2key.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/des/str2key.c 2019-09-04 14:50:24.042778113 +0900 2 | +++ ../talos/./crypto/des/str2key.c 2019-09-04 14:49:11.906299970 +0900 3 | @@ -95,7 +95,7 @@ 4 | DES_set_key_unchecked(key,&ks); 5 | #endif 6 | DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); 7 | - explicit_bzero(&ks,sizeof(ks)); 8 | + bzero(&ks,sizeof(ks)); 9 | DES_set_odd_parity(key); 10 | } 11 | 12 | @@ -168,7 +168,7 @@ 13 | DES_set_key_unchecked(key2,&ks); 14 | #endif 15 | DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); 16 | - explicit_bzero(&ks,sizeof(ks)); 17 | + bzero(&ks,sizeof(ks)); 18 | DES_set_odd_parity(key1); 19 | DES_set_odd_parity(key2); 20 | } 21 | -------------------------------------------------------------------------------- /src/talos/patch/streebog.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/gost/streebog.c 2019-09-04 14:50:24.054778193 +0900 2 | +++ ../talos/./crypto/gost/streebog.c 2019-09-04 14:49:12.002300607 +0900 3 | 
@@ -1455,7 +1455,7 @@ 4 | STREEBOG256_Init(&c); 5 | STREEBOG256_Update(&c, d, n); 6 | STREEBOG256_Final(md, &c); 7 | - explicit_bzero(&c, sizeof(c)); 8 | + bzero(&c, sizeof(c)); 9 | return (md); 10 | } 11 | 12 | @@ -1470,7 +1470,7 @@ 13 | STREEBOG512_Init(&c); 14 | STREEBOG512_Update(&c, d, n); 15 | STREEBOG512_Final(md, &c); 16 | - explicit_bzero(&c, sizeof(c)); 17 | + bzero(&c, sizeof(c)); 18 | return (md); 19 | } 20 | 21 | -------------------------------------------------------------------------------- /src/talos/patch/t1_clnt.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/t1_clnt.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/t1_clnt.c 2017-07-17 11:08:26.857512440 +0100 3 | @@ -206,6 +206,10 @@ 4 | return (NULL); 5 | } 6 | 7 | +SSL_METHOD * 8 | +ecall_SSLv23_client_method(void) { 9 | + return (SSL_METHOD*)SSLv23_client_method(); 10 | +} 11 | const SSL_METHOD * 12 | SSLv23_client_method(void) 13 | { 14 | -------------------------------------------------------------------------------- /src/talos/patch/t1_enc.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/t1_enc.c 2019-09-04 14:50:24.074778325 +0900 2 | +++ ../talos/./ssl/t1_enc.c 2019-09-04 14:49:18.710345109 +0900 3 | @@ -147,7 +147,7 @@ 4 | tls1_cleanup_key_block(SSL *s) 5 | { 6 | if (s->s3->tmp.key_block != NULL) { 7 | - explicit_bzero(s->s3->tmp.key_block, 8 | + bzero(s->s3->tmp.key_block, 9 | s->s3->tmp.key_block_length); 10 | free(s->s3->tmp.key_block); 11 | s->s3->tmp.key_block = NULL; 12 | @@ -348,7 +348,7 @@ 13 | EVP_PKEY_free(mac_key); 14 | EVP_MD_CTX_cleanup(&ctx); 15 | EVP_MD_CTX_cleanup(&ctx_tmp); 16 | - explicit_bzero(A1, sizeof(A1)); 17 | + bzero(A1, sizeof(A1)); 18 | return ret; 19 | } 20 | 21 | 
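Review bot: `ecall_SSLv23_client_method` casts away the `const` on the result of `SSLv23_client_method()`, while `ecall_SSLv23_method` in t1_meth.c.patch keeps `const SSL_METHOD *`; t1_srvr.c.patch repeats the cast for the server method. Unless the generated enclave interface forces the non-const type, declare the wrapper as `const SSL_METHOD *` and write `return SSLv23_client_method();` so callers cannot modify the shared method table through it. If the cast is required, a one-line comment giving the reason would stop it being copied further.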
@@ -793,7 +793,7 @@ 22 | 23 | err: 24 | if (tmp_block) { 25 | - explicit_bzero(tmp_block, key_block_len); 26 | + bzero(tmp_block, key_block_len); 27 | free(tmp_block); 28 | } 29 | return (ret); 30 | -------------------------------------------------------------------------------- /src/talos/patch/t1_meth.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/t1_meth.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/t1_meth.c 2017-07-17 11:08:26.857512440 +0100 3 | @@ -205,6 +205,10 @@ 4 | } 5 | 6 | const SSL_METHOD * 7 | +ecall_SSLv23_method(void) { 8 | + return SSLv23_method(); 9 | +} 10 | +const SSL_METHOD * 11 | SSLv23_method(void) 12 | { 13 | return (TLS_method()); 14 | -------------------------------------------------------------------------------- /src/talos/patch/t1_srvr.c.patch: -------------------------------------------------------------------------------- 1 | --- ./ssl/t1_srvr.c 2017-11-28 10:46:52.004404366 +0000 2 | +++ ../talos/./ssl/t1_srvr.c 2017-07-17 11:08:26.857512440 +0100 3 | @@ -207,6 +207,10 @@ 4 | return (NULL); 5 | } 6 | 7 | +SSL_METHOD * 8 | +ecall_SSLv23_server_method(void) { 9 | + return (SSL_METHOD*)SSLv23_server_method(); 10 | +} 11 | const SSL_METHOD * 12 | SSLv23_server_method(void) 13 | { 14 | -------------------------------------------------------------------------------- /src/talos/patch/tasn_fre.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/asn1/tasn_fre.c 2017-11-28 10:46:51.992404595 +0000 2 | +++ ../talos/./crypto/asn1/tasn_fre.c 2017-07-17 11:08:32.261409300 +0100 3 | 
@@ -62,6 +62,15 @@ 4 | #include 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +#include "sgx_error.h" 9 | +#include "sgx_trts.h" 10 | + 11 | +#include "enclaveshim_config.h" 12 | + 13 | +extern sgx_status_t ocall_free(void* ptr); 14 | +#endif 15 | + 16 | static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, 17 | int combine); 18 | 19 | @@ -79,6 +88,21 @@ 20 | asn1_item_combine_free(pval, it, 0); 21 | } 22 | 23 | +static void smart_free(void* ptr) { 24 | +#ifdef COMPILE_WITH_INTEL_SGX 25 | + if (sgx_is_within_enclave(ptr, 1)) { 26 | +#endif 27 | +#ifndef SQUID_WORKAROUND 28 | + //Squid frees the same pointer twice with SGX... 29 | + free(ptr); 30 | +#endif 31 | +#ifdef COMPILE_WITH_INTEL_SGX 32 | + } else { 33 | + ocall_free(ptr); 34 | + } 35 | +#endif 36 | +} 37 | + 38 | static void 39 | asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine) 40 | { 41 | @@ -122,7 +146,7 @@ 42 | if (asn1_cb) 43 | asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); 44 | if (!combine) { 45 | - free(*pval); 46 | + smart_free(*pval); 47 | *pval = NULL; 48 | } 49 | break; 50 | @@ -160,7 +184,7 @@ 51 | if (asn1_cb) 52 | asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); 53 | if (!combine) { 54 | - free(*pval); 55 | + smart_free(*pval); 56 | *pval = NULL; 57 | } 58 | break; 59 | -------------------------------------------------------------------------------- /src/talos/patch/tls1.h.patch: -------------------------------------------------------------------------------- 1 | --- ./include/openssl/tls1.h 2017-03-08 11:15:50.781463353 +0000 2 | +++ ../talos/./include/openssl/tls1.h 2017-03-08 11:13:57.539750632 +0000 3 | 
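Review bot: With `SQUID_WORKAROUND` defined, `smart_free` never calls `free`, so every ASN.1 value released through `asn1_item_combine_free` stays allocated (in an SGX build that is enclave heap, and in a non-SGX build nothing is freed at all), while `*pval` is still set to `NULL` by the caller. The `//` comment indicates this hides a double free in the calling program rather than fixing it; that trade-off should be spelled out, e.g. `/* SQUID_WORKAROUND: deliberately leak to avoid a double free seen with Squid; remove once the caller is fixed */`. The return status of `ocall_free` is ignored, and a NULL `ptr` takes the ocall path because `sgx_is_within_enclave(NULL, 1)` is false, so `if (ptr == NULL) return;` at the top would save a boundary crossing. Braces that open and close inside separate `#ifdef` blocks also make the control flow hard to audit.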
@@ -301,6 +301,8 @@ 4 | 5 | #define TLSEXT_MAXLEN_host_name 255 6 | 7 | +void ecall_SSL_get_servername(const SSL *s, int type, char* servername, int* len); 8 | +const char *SSL_get_servername(const SSL *s, const int type); 9 | const char *SSL_get_servername(const SSL *s, const int type); 10 | int SSL_get_servername_type(const SSL *s); 11 | /* SSL_export_keying_material exports a value derived from the master secret, 12 | -------------------------------------------------------------------------------- /src/talos/patch/txt_db.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/txt_db/txt_db.c 2017-11-28 10:46:51.996404519 +0000 2 | +++ ../talos/./crypto/txt_db/txt_db.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -66,6 +66,12 @@ 4 | #undef BUFSIZE 5 | #define BUFSIZE 512 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +int my_fprintf(FILE *stream, const char *format, ...); 9 | +#else 10 | +#define my_fprintf(fd, format, ...) printf(format, ##__VA_ARGS__) 11 | +#endif 12 | + 13 | TXT_DB * 14 | TXT_DB_read(BIO *in, int num) 15 | { 16 | @@ -155,13 +161,13 @@ 17 | } 18 | *(p++)='\0'; 19 | if ((n != num) || (*f != '\0')) { 20 | - fprintf(stderr, "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); 21 | + my_fprintf(stderr, "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); 22 | er = 2; 23 | goto err; 24 | } 25 | pp[n] = p; 26 | if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { 27 | - fprintf(stderr, "failure in sk_push\n"); 28 | + my_fprintf(stderr, "failure in sk_push\n"); 29 | er = 2; 30 | goto err; 31 | } 32 | 
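Review bot: The second added line repeats the `SSL_get_servername` prototype that already follows as context, so the header now declares it twice; drop the added copy. `ecall_SSL_get_servername` writes into `servername`, but the prototype does not say how large that buffer is: if `len` carries the capacity in and the written length out, document it next to the declaration with `/* *len: in = capacity of servername, out = bytes written */`. The definition is not part of this hunk, so the actual contract has to be confirmed there.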
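Review bot: The non-SGX fallback `#define my_fprintf(fd, format, ...) printf(format, ##__VA_ARGS__)` drops the stream argument, so the `stderr` diagnostics in `TXT_DB_read` (two in the next hunk, one in the hunk after it) are written to stdout in ordinary builds. ui_openssl.c.patch defines the same helper correctly; this file should match it: `#define my_fprintf(stream, format, ...) fprintf(stream, format, ##__VA_ARGS__)`. Defining the macro once in a shared header instead of per file would keep the two from diverging again.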
@@ -172,7 +178,7 @@ 33 | BUF_MEM_free(buf); 34 | if (er) { 35 | if (er == 1) 36 | - fprintf(stderr, "malloc failure\n"); 37 | + my_fprintf(stderr, "malloc failure\n"); 38 | if (ret != NULL) { 39 | if (ret->data != NULL) 40 | sk_OPENSSL_PSTRING_free(ret->data); 41 | -------------------------------------------------------------------------------- /src/talos/patch/ui_openssl.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/ui/ui_openssl.c 2019-09-04 14:50:24.062778246 +0900 2 | +++ ../talos/./crypto/ui/ui_openssl.c 2019-09-04 14:49:12.142301536 +0900 3 | @@ -161,6 +161,12 @@ 4 | .ui_close_session = close_console, 5 | }; 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +int my_fprintf(FILE *stream, const char *format, ...); 9 | +#else 10 | +#define my_fprintf(stream, format, ...) fprintf(stream, format, ##__VA_ARGS__) 11 | +#endif 12 | + 13 | /* The method with all the built-in thingies */ 14 | UI_METHOD * 15 | UI_OpenSSL(void) 16 | @@ -203,7 +209,7 @@ 17 | return read_string_inner(ui, uis, 18 | UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1); 19 | case UIT_VERIFY: 20 | - fprintf(tty_out, "Verifying - %s", 21 | + my_fprintf(tty_out, "Verifying - %s", 22 | UI_get0_output_string(uis)); 23 | fflush(tty_out); 24 | if ((ok = read_string_inner(ui, uis, UI_get_input_flags(uis) & 25 | @@ -211,7 +217,7 @@ 26 | return ok; 27 | if (strcmp(UI_get0_result_string(uis), 28 | UI_get0_test_string(uis)) != 0) { 29 | - fprintf(tty_out, "Verify failure\n"); 30 | + my_fprintf(tty_out, "Verify failure\n"); 31 | fflush(tty_out); 32 | return 0; 33 | } 34 | 
@@ -279,14 +285,14 @@ 35 | if (intr_signal == SIGINT) 36 | ok = -1; 37 | if (!echo) 38 | - fprintf(tty_out, "\n"); 39 | + my_fprintf(tty_out, "\n"); 40 | if (ps >= 2 && !echo && !echo_console(ui)) 41 | ok = 0; 42 | 43 | if (ps >= 1) 44 | popsig(); 45 | 46 | - explicit_bzero(result, BUFSIZ); 47 | + bzero(result, BUFSIZ); 48 | return ok; 49 | } 50 | 51 | -------------------------------------------------------------------------------- /src/talos/patch/ui_openssl_win.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/ui/ui_openssl_win.c 2019-09-04 14:50:24.062778246 +0900 2 | +++ ../talos/./crypto/ui/ui_openssl_win.c 2019-09-04 14:49:12.146301563 +0900 3 | @@ -286,7 +286,7 @@ 4 | if (ps >= 1) 5 | popsig(); 6 | 7 | - explicit_bzero(result, BUFSIZ); 8 | + bzero(result, BUFSIZ); 9 | return ok; 10 | } 11 | 12 | -------------------------------------------------------------------------------- /src/talos/patch/ui_util.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/ui/ui_util.c 2019-09-04 14:50:24.062778246 +0900 2 | +++ ../talos/./crypto/ui/ui_util.c 2019-09-04 14:49:12.150301589 +0900 3 | @@ -67,7 +67,7 @@ 4 | 5 | ret = UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length, 6 | prompt, verify); 7 | - explicit_bzero(buff, BUFSIZ); 8 | + bzero(buff, BUFSIZ); 9 | return (ret); 10 | } 11 | 12 | -------------------------------------------------------------------------------- /src/talos/patch/v3_bcons.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509v3/v3_bcons.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509v3/v3_bcons.c 2017-07-17 11:08:32.257409376 +0100 3 | 
@@ -134,12 +134,37 @@ 4 | return (BASIC_CONSTRAINTS *)ASN1_item_new(&BASIC_CONSTRAINTS_it); 5 | } 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern int sgx_is_within_enclave(const void*, size_t); 9 | +extern BASIC_CONSTRAINTS *in_bc; 10 | +#endif 11 | + 12 | +void 13 | +ecall_BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) 14 | +{ 15 | +#ifdef COMPILE_WITH_INTEL_SGX 16 | + if (!sgx_is_within_enclave(a, sizeof(*a))) { 17 | + BASIC_CONSTRAINTS_free(in_bc); 18 | + in_bc = NULL; 19 | + } else { 20 | +#endif 21 | + BASIC_CONSTRAINTS_free(a); 22 | +#ifdef COMPILE_WITH_INTEL_SGX 23 | + } 24 | +#endif 25 | +} 26 | void 27 | BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) 28 | { 29 | ASN1_item_free((ASN1_VALUE *)a, &BASIC_CONSTRAINTS_it); 30 | } 31 | 32 | +ASN1_INTEGER* ecall_X509_BC_get_pathlen(BASIC_CONSTRAINTS* bc) { 33 | + return X509_BC_get_pathlen(bc); 34 | +} 35 | +ASN1_INTEGER* X509_BC_get_pathlen(BASIC_CONSTRAINTS* bc) { 36 | + return (bc?bc->pathlen:0); 37 | +} 38 | 39 | static STACK_OF(CONF_VALUE) * 40 | i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, 41 | -------------------------------------------------------------------------------- /src/talos/patch/v3_enum.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509v3/v3_enum.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509v3/v3_enum.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -60,6 +60,12 @@ 4 | #include 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern char *my_strdup(const char *s); 9 | +#else 10 | +#define my_strdup(s) strdup(s) 11 | +#endif 12 | + 13 | static ENUMERATED_NAMES crl_reasons[] = { 14 | {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"}, 15 | {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"}, 16 | 
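Review bot: In the branch taken when `a` lies outside the enclave, `ecall_BASIC_CONSTRAINTS_free` frees the global `in_bc` without checking that `in_bc` is the object `a` stands for, so any outside pointer releases whatever is cached there, and the unguarded global is not safe if two threads enter at once. Where `in_bc` is assigned is not visible in this hunk; if the design allows only one outstanding shadow copy, state that in a comment above the function so the limitation is deliberate rather than implicit. The hand-written `extern int sgx_is_within_enclave(const void*, size_t);` should give way to `#include "sgx_trts.h"`, as tasn_fre.c.patch does, and `X509_BC_get_pathlen` should return `NULL` rather than `0` for a pointer.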
@@ -101,7 +107,7 @@ 17 | strval = ASN1_ENUMERATED_get(e); 18 | for (enam = method->usr_data; enam->lname; enam++) { 19 | if (strval == enam->bitnum) 20 | - return strdup(enam->lname); 21 | + return my_strdup(enam->lname); 22 | } 23 | return i2s_ASN1_ENUMERATED(method, e); 24 | } 25 | -------------------------------------------------------------------------------- /src/talos/patch/v3_genn.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509v3/v3_genn.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509v3/v3_genn.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -267,7 +267,9 @@ 4 | { 5 | return (GENERAL_NAME *)ASN1_item_new(&GENERAL_NAME_it); 6 | } 7 | - 8 | +void ecall_GENERAL_NAME_free(GENERAL_NAME *a) { 9 | + GENERAL_NAME_free(a); 10 | +} 11 | void 12 | GENERAL_NAME_free(GENERAL_NAME *a) 13 | { 14 | -------------------------------------------------------------------------------- /src/talos/patch/v3_purp.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509v3/v3_purp.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509v3/v3_purp.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -65,6 +65,12 @@ 4 | #include 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern char *my_strdup(const char *s); 9 | +#else 10 | +#define my_strdup(s) strdup(s) 11 | +#endif 12 | + 13 | static void x509v3_cache_extensions(X509 *x); 14 | 15 | static int check_ssl_ca(const X509 *x); 16 | @@ -228,9 +234,9 @@ 17 | } else 18 | ptmp = X509_PURPOSE_get0(idx); 19 | 20 | - if ((name_dup = strdup(name)) == NULL) 21 | + if ((name_dup = my_strdup(name)) == NULL) 22 | goto err; 23 | - if ((sname_dup = strdup(sname)) == NULL) 24 | + if ((sname_dup = my_strdup(sname)) == NULL) 25 | goto err; 26 | 27 | /* free existing name if dynamic */ 28 | 
@@ -799,6 +805,10 @@ 29 | */ 30 | 31 | int 32 | +ecall_X509_check_issued(X509 *issuer, X509 *subject) { 33 | + return X509_check_issued(issuer, subject); 34 | +} 35 | +int 36 | X509_check_issued(X509 *issuer, X509 *subject) 37 | { 38 | if (X509_NAME_cmp(X509_get_subject_name(issuer), 39 | -------------------------------------------------------------------------------- /src/talos/patch/x509_cmp.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509/x509_cmp.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509/x509_cmp.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -165,11 +165,26 @@ 4 | #endif 5 | 6 | X509_NAME * 7 | +ecall_X509_get_subject_name(X509 *a) { 8 | + return X509_get_subject_name(a); 9 | +} 10 | +X509_NAME * 11 | X509_get_subject_name(X509 *a) 12 | { 13 | return (a->cert_info->subject); 14 | } 15 | 16 | +ASN1_OBJECT* X509_get_cert_key_algor_algorithm(X509* x) { 17 | + return x->cert_info->key->algor->algorithm; 18 | +} 19 | +ASN1_OBJECT* ecall_X509_get_cert_key_algor_algorithm(X509* x) { 20 | + return X509_get_cert_key_algor_algorithm(x); 21 | +} 22 | + 23 | +ASN1_INTEGER * 24 | +ecall_X509_get_serialNumber(X509 *a) { 25 | + return X509_get_serialNumber(a); 26 | +} 27 | ASN1_INTEGER * 28 | X509_get_serialNumber(X509 *a) 29 | { 30 | @@ -335,6 +350,10 @@ 31 | } 32 | 33 | int 34 | +ecall_X509_check_private_key(X509 *x, EVP_PKEY *k) { 35 | + return X509_check_private_key(x, k); 36 | +} 37 | +int 38 | X509_check_private_key(X509 *x, EVP_PKEY *k) 39 | { 40 | EVP_PKEY *xk; 41 | -------------------------------------------------------------------------------- /src/talos/patch/x509_obj.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509/x509_obj.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509/x509_obj.c 2017-07-17 11:08:32.257409376 +0100 3 | 
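Review bot: `X509_get_cert_key_algor_algorithm` dereferences `x->cert_info->key->algor->algorithm` with no NULL check at any level, and `ecall_X509_get_cert_key_algor_algorithm` exposes that chain directly to callers across the enclave boundary. x509_obj.c.patch adds `X509_get_algorithm` with an identical body; keep one accessor and have the other call it. A guard such as `if (x == NULL || x->cert_info == NULL || x->cert_info->key == NULL || x->cert_info->key->algor == NULL) return NULL;` would turn a crash on a partially built certificate into a checkable result. The same applies to `ecall_X509_get_subject_name` and `ecall_X509_get_serialNumber` in this hunk if their argument can come from outside.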
@@ -65,6 +65,29 @@ 4 | #include 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +#include "sgx_error.h" 9 | + 10 | +extern sgx_status_t ocall_malloc(void** retval, size_t size); 11 | + 12 | +char* X509_name_online_buffer = NULL; 13 | +#endif 14 | +char * 15 | +ecall_X509_NAME_oneline(X509_NAME *a, char *buf, int len) 16 | +{ 17 | +#ifdef COMPILE_WITH_INTEL_SGX 18 | + if (!buf) { 19 | + if (!X509_name_online_buffer) { 20 | + ocall_malloc((void**)&X509_name_online_buffer, 8192); 21 | + } 22 | + return X509_NAME_oneline(a, X509_name_online_buffer, len); 23 | + } else { 24 | +#endif 25 | + return X509_NAME_oneline(a, buf, len); 26 | +#ifdef COMPILE_WITH_INTEL_SGX 27 | + } 28 | +#endif 29 | +} 30 | char * 31 | X509_NAME_oneline(X509_NAME *a, char *buf, int len) 32 | { 33 | @@ -177,3 +200,10 @@ 34 | BUF_MEM_free(b); 35 | return (NULL); 36 | } 37 | + 38 | +ASN1_OBJECT* ecall_X509_get_algorithm(X509* ptr) { 39 | + return X509_get_algorithm(ptr); 40 | +} 41 | +ASN1_OBJECT* X509_get_algorithm(X509* ptr) { 42 | + return ptr->cert_info->key->algor->algorithm; 43 | +} 44 | -------------------------------------------------------------------------------- /src/talos/patch/x509_trs.c.patch: -------------------------------------------------------------------------------- 1 | --- ./crypto/x509/x509_trs.c 2017-11-28 10:46:52.000404443 +0000 2 | +++ ../talos/./crypto/x509/x509_trs.c 2017-07-17 11:08:32.257409376 +0100 3 | @@ -62,6 +62,12 @@ 4 | #include 5 | #include 6 | 7 | +#ifdef COMPILE_WITH_INTEL_SGX 8 | +extern char *my_strdup(const char *s); 9 | +#else 10 | +#define my_strdup(s) strdup(s) 11 | +#endif 12 | + 13 | static int tr_cmp(const X509_TRUST * const *a, const X509_TRUST * const *b); 14 | static void trtable_free(X509_TRUST *p); 15 | 16 | 
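Review bot: When `buf` is NULL, `ecall_X509_NAME_oneline` passes the caller's `len` to `X509_NAME_oneline` together with the fixed 8192-byte `X509_name_online_buffer`, so a `len` larger than 8192 lets the formatter write past the allocation. The `ocall_malloc` status is ignored and the returned address is never checked to be non-NULL and outside the enclave, so the certificate name could be written through a NULL or enclave-internal pointer. Clamp `len` and validate the pointer as sketched below (`sgx_is_outside_enclave` needs `sgx_trts.h`, which this hunk does not include). In the non-NULL branch a caller-supplied `buf` is used as is; whether the interface definition already copies it is not visible here.

```c
#ifdef COMPILE_WITH_INTEL_SGX
	if (!buf) {
		if (!X509_name_online_buffer) {
			void *outside = NULL;

			/* The host chooses this address: accept it only if the
			 * call succeeded and the range is outside the enclave. */
			if (ocall_malloc(&outside, 8192) != SGX_SUCCESS ||
			    outside == NULL ||
			    !sgx_is_outside_enclave(outside, 8192))
				return NULL;
			X509_name_online_buffer = outside;
		}
		/* Never let the formatter write past the shared buffer. */
		if (len <= 0 || len > 8192)
			len = 8192;
		return X509_NAME_oneline(a, X509_name_online_buffer, len);
	} else {
#endif
	/* … unchanged: pass-through call with the caller's buf … */
```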
@@ -198,7 +204,7 @@
17 | }
18 | }
19 |
20 | - if ((name_dup = strdup(name)) == NULL)
21 | + if ((name_dup = my_strdup(name)) == NULL)
22 | goto err;
23 |
24 | /* free existing name if dynamic */
25 |
--------------------------------------------------------------------------------
/src/talos/patch/x509_vfy.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/x509/x509_vfy.c 2017-11-28 10:46:52.000404443 +0000
2 | +++ ../talos/./crypto/x509/x509_vfy.c 2017-07-17 11:08:32.257409376 +0100
3 | @@ -1624,6 +1624,20 @@
4 | return ok;
5 | }
6 |
7 | +ASN1_TIME* ecall_X509_get_notBefore(X509* x) {
8 | + return X509_get_notBefore(x);
9 | +}
10 | +ASN1_TIME* X509_get_notBefore(X509* x) {
11 | + return x->cert_info->validity->notBefore;
12 | +}
13 | +
14 | +ASN1_TIME* ecall_X509_get_notAfter(X509* x) {
15 | + return X509_get_notAfter(x);
16 | +}
17 | +ASN1_TIME* X509_get_notAfter(X509* x) {
18 | + return x->cert_info->validity->notAfter;
19 | +}
20 | +
21 | int
22 | X509_cmp_current_time(const ASN1_TIME *ctm)
23 | {
24 |
--------------------------------------------------------------------------------
/src/talos/patch/x509_vpm.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/x509/x509_vpm.c 2017-11-28 10:46:52.000404443 +0000
2 | +++ ../talos/./crypto/x509/x509_vpm.c 2017-07-17 11:08:32.257409376 +0100
3 | @@ -65,6 +65,12 @@
4 | #include
5 | #include
6 |
7 | +#ifdef COMPILE_WITH_INTEL_SGX
8 | +extern char *my_strdup(const char *s);
9 | +#else
10 | +#define my_strdup(s) strdup(s)
11 | +#endif
12 | +
13 | /* X509_VERIFY_PARAM functions */
14 |
15 | static void
16 |
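Review bot: The four accessors added in the x509_vfy.c hunk at -1624 carry no comment on ownership, although each returns a pointer into the certificate's own `validity` structure rather than a copy. A caller across the enclave boundary therefore receives an address that stays valid only as long as the certificate does and must never be freed; whether the untrusted side treats it as an opaque handle is not visible here. I would add to each pair a comment such as `/* Returns an internal pointer owned by x; valid until X509_free(x), do not free. */`. The `ecall_` wrappers are also defined before the functions they call, so they depend on prototypes from a header outside this hunk.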
@@ -216,7 +222,7 @@
17 | param->name = NULL;
18 | if (name == NULL)
19 | return 1;
20 | - param->name = strdup(name);
21 | + param->name = my_strdup(name);
22 | if (param->name)
23 | return 1;
24 | return 0;
25 |
--------------------------------------------------------------------------------
/src/talos/patch/x509v3.h.patch:
--------------------------------------------------------------------------------
1 | --- ./include/openssl/x509v3.h 2017-03-08 11:15:50.785463273 +0000
2 | +++ ../talos/./include/openssl/x509v3.h 2017-03-08 11:13:57.543750551 +0000
3 | @@ -507,8 +507,12 @@
4 |
5 | DECLARE_STACK_OF(X509_PURPOSE)
6 |
7 | +void ecall_BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a);
8 | DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
9 |
10 | +ASN1_INTEGER* ecall_X509_BC_get_pathlen(BASIC_CONSTRAINTS* bc);
11 | +ASN1_INTEGER* X509_BC_get_pathlen(BASIC_CONSTRAINTS* bc);
12 | +
13 | DECLARE_ASN1_FUNCTIONS(SXNET)
14 | DECLARE_ASN1_FUNCTIONS(SXNETID)
15 |
16 | @@ -525,6 +529,7 @@
17 | DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
18 |
19 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
20 | +void ecall_GENERAL_NAME_free(GENERAL_NAME *a);
21 | GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
22 | int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
23 |
24 | @@ -681,6 +686,7 @@
25 | int X509_check_purpose(X509 *x, int id, int ca);
26 | int X509_supported_extension(X509_EXTENSION *ex);
27 | int X509_PURPOSE_set(int *p, int purpose);
28 | +int ecall_X509_check_issued(X509 *issuer, X509 *subject);
29 | int X509_check_issued(X509 *issuer, X509 *subject);
30 | int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
31 | int X509_PURPOSE_get_count(void);
32 |
--------------------------------------------------------------------------------
/src/talos/patch/x_all.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/x509/x_all.c 2017-11-28 10:46:52.000404443 +0000
2 | +++ ../talos/./crypto/x509/x_all.c 2017-07-17 11:08:32.257409376 +0100
3 |
@@ -496,6 +496,10 @@
4 | }
5 |
6 | int
7 | +ecall_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) {
8 | + return X509_sign(x, pkey, md);
9 | +}
10 | +int
11 | X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
12 | {
13 | x->cert_info->enc.modified = 1;
14 | @@ -551,6 +555,11 @@
15 | }
16 |
17 | int
18 | +ecall_X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
19 | + unsigned int *len) {
20 | + return X509_pubkey_digest(data, type, md, len);
21 | +}
22 | +int
23 | X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
24 | unsigned int *len)
25 | {
26 | @@ -562,6 +571,13 @@
27 | }
28 |
29 | int
30 | +ecall_X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
31 | + unsigned int *len)
32 | +{
33 | + return X509_digest(data, type, md, len);
34 | +}
35 | +
36 | +int
37 | X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
38 | unsigned int *len)
39 | {
40 |
--------------------------------------------------------------------------------
/src/talos/patch/x_name.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/asn1/x_name.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/asn1/x_name.c 2017-07-17 11:08:32.261409300 +0100
3 | @@ -130,6 +130,10 @@
4 | }
5 |
6 | void
7 | +ecall_X509_NAME_ENTRY_free(X509_NAME_ENTRY *a) {
8 | + X509_NAME_ENTRY_free(a);
9 | +}
10 | +void
11 | X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
12 | {
13 | ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_ENTRY_it);
14 |
--------------------------------------------------------------------------------
/src/talos/patch/x_x509.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/asn1/x_x509.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/asn1/x_x509.c 2017-07-17 11:08:32.261409300 +0100
3 |
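Review bot: `ecall_X509_pubkey_digest` (x_all.c hunk at -551) and `ecall_X509_digest` (hunk at -562) pass the caller's `md` and `len` pointers straight to the digest routines, which write the digest and its length through them. Nothing in these wrappers establishes that `md` has room for the largest digest (`EVP_MAX_MD_SIZE` bytes) or, if they are entered from untrusted code with unchecked pointers, that both addresses lie outside the enclave; the EDL that would say so is not in view. Each wrapper should at least state the contract, e.g. `/* md must point to at least EVP_MAX_MD_SIZE writable bytes */`, and the boundary definition should copy the output through a sized buffer rather than trusting the raw pointer.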
@@ -260,12 +260,21 @@
4 | }
5 |
6 | X509 *
7 | +ecall_X509_new(void)
8 | +{
9 | + return X509_new();
10 | +}
11 | +X509 *
12 | X509_new(void)
13 | {
14 | return (X509 *)ASN1_item_new(&X509_it);
15 | }
16 |
17 | void
18 | +ecall_X509_free(X509 *a) {
19 | + return X509_free(a);
20 | +}
21 | +void
22 | X509_free(X509 *a)
23 | {
24 | ASN1_item_free((ASN1_VALUE *)a, &X509_it);
25 | @@ -278,6 +287,11 @@
26 | }
27 |
28 | int
29 | +ecall_X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
30 | + CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) {
31 | + return X509_get_ex_new_index(argl, argp, new_func, dup_func, free_func);
32 | +}
33 | +int
34 | X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
35 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
36 | {
37 | @@ -286,12 +300,20 @@
38 | }
39 |
40 | int
41 | +ecall_X509_set_ex_data(X509 *r, int idx, void *arg) {
42 | + return X509_set_ex_data(r, idx, arg);
43 | +}
44 | +int
45 | X509_set_ex_data(X509 *r, int idx, void *arg)
46 | {
47 | return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
48 | }
49 |
50 | void *
51 | +ecall_X509_get_ex_data(X509 *r, int idx) {
52 | + return X509_get_ex_data(r, idx);
53 | +}
54 | +void *
55 | X509_get_ex_data(X509 *r, int idx)
56 | {
57 | return (CRYPTO_get_ex_data(&r->ex_data, idx));
58 |
--------------------------------------------------------------------------------
/src/talos/patch/x_x509a.c.patch:
--------------------------------------------------------------------------------
1 | --- ./crypto/asn1/x_x509a.c 2017-11-28 10:46:51.992404595 +0000
2 | +++ ../talos/./crypto/asn1/x_x509a.c 2017-07-17 11:08:32.261409300 +0100
3 |
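Review bot: `ecall_X509_free` in the x_x509.c hunk at -260 is declared `void` but its body is `return X509_free(a);`; ISO C does not allow a return statement with an expression in a void function, and strict compilers diagnose it. The body should be the plain call `X509_free(a);`, which is how `ecall_X509_NAME_ENTRY_free` in the x_name.c patch is already written.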
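Review bot: `ecall_X509_get_ex_new_index` (x_x509.c hunk at -278) passes `new_func`, `dup_func` and `free_func` unchanged to `X509_get_ex_new_index`, and `ecall_X509_set_ex_data` (hunk at -286) stores the caller's `arg` pointer unchanged. If these entry points are reachable from outside the enclave, the library would later invoke function pointers and hand back a data pointer that untrusted code chose, all from enclave context; whether the shim substitutes trusted trampolines elsewhere is not visible in these hunks. The wrappers should state what the boundary guarantees, e.g. `/* callbacks must be enclave-resident functions registered by trusted code; arg is an opaque handle and is never dereferenced inside the enclave */`, and the ecall should refuse callback addresses that do not meet it.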
@@ -57,11 +57,16 @@
4 | */
5 |
6 | #include
7 | +#include
8 |
9 | #include
10 | #include
11 | #include
12 |
13 | +#ifdef COMPILE_WITH_INTEL_SGX
14 | +extern void* ocall_realloc(void**, void*, size_t);
15 | +#endif
16 | +
17 | /* X509_CERT_AUX routines. These are used to encode additional
18 | * user modifiable data about a certificate. This data is
19 | * appended to the X509 encoding when the *_X509_AUX routines
20 | @@ -189,6 +194,25 @@
21 | return ASN1_STRING_set(aux->keyid, id, len);
22 | }
23 |
24 | +static unsigned char* ecall_alias_buffer = NULL;
25 | +static int ecall_alias_buffer_len = 0;
26 | +unsigned char *
27 | +ecall_X509_alias_get0(X509 *x, int *len) {
28 | + unsigned char* p = X509_alias_get0(x, len);
29 | + if (!p) {
30 | + return NULL;
31 | + }
32 | + if (*len > ecall_alias_buffer_len) {
33 | +#ifdef COMPILE_WITH_INTEL_SGX
34 | + ocall_realloc((void**)&ecall_alias_buffer, (void*)ecall_alias_buffer, *len);
35 | +#else
36 | + ecall_alias_buffer = (unsigned char*) realloc(ecall_alias_buffer, *len);
37 | +#endif
38 | + ecall_alias_buffer_len = *len;
39 | + }
40 | + memcpy(ecall_alias_buffer, p, *len);
41 | + return ecall_alias_buffer;
42 | +}
43 | unsigned char *
44 | X509_alias_get0(X509 *x, int *len)
45 | {
46 |
--------------------------------------------------------------------------------
/src/talos/patch_libressl.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | LIBRESSL=../libressl-2.4.1
4 |
5 | # copy the new files to the crypto directory
6 | cp enclaveshim/* ${LIBRESSL}/crypto/
7 |
8 | # patch the libressl files
9 | cd $LIBRESSL
10 | find ../talos/patch -mindepth 1 -maxdepth 1 -type f -name "*.patch" -print0 | xargs -0 -I {} patch -p0 -i {}
11 |
--------------------------------------------------------------------------------
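Review bot: The prototype added in the x_x509a.c hunk at -57, `extern void* ocall_realloc(void**, void*, size_t);`, declares a `void *` return, while the x509_obj.c patch declares the sibling proxy as `sgx_status_t ocall_malloc(void** retval, size_t size)`. If `ocall_realloc` is a generated ocall proxy of the same shape it returns `sgx_status_t`, and calling it through a mismatched declaration is undefined behaviour; its definition is not visible here, so this needs confirming. I would declare it as `extern sgx_status_t ocall_realloc(void **retval, void *ptr, size_t size);` with `sgx_error.h` included, or take the prototype from the generated header instead of repeating it by hand.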
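Review bot: `ecall_X509_alias_get0` (x_x509a.c hunk at -189) updates `ecall_alias_buffer_len` and runs `memcpy` without checking that the reallocation succeeded, so a failed `realloc` loses the old buffer and copies to NULL, and in the SGX build the address stored by `ocall_realloc` comes from untrusted code with no check that it lies outside the enclave. `*len` is also read unconditionally, although `X509_alias_get0` as I recall it writes `*len` only when `len` is non-NULL (its body is outside the hunk), and a negative length would reach `memcpy` as a huge size. The buffer is static and shared, so concurrent callers would see each other's data. A sketch of the checked version follows; `sgx_is_outside_enclave` is declared in `sgx_trts.h`.

```c
/* … unchanged: ecall_alias_buffer / ecall_alias_buffer_len declarations … */
unsigned char *
ecall_X509_alias_get0(X509 *x, int *len) {
	int alias_len = 0;
	unsigned char *p = X509_alias_get0(x, &alias_len);

	if (!p || alias_len < 0)
		return NULL;
	if (alias_len > ecall_alias_buffer_len) {
		void *grown = NULL;
#ifdef COMPILE_WITH_INTEL_SGX
		ocall_realloc(&grown, (void *)ecall_alias_buffer, alias_len);
		/* The host picks this address: refuse anything that
		 * overlaps enclave memory. */
		if (grown != NULL && !sgx_is_outside_enclave(grown, alias_len))
			grown = NULL;
#else
		grown = realloc(ecall_alias_buffer, alias_len);
#endif
		if (grown == NULL)
			return NULL;
		ecall_alias_buffer = grown;
		ecall_alias_buffer_len = alias_len;
	}
	if (alias_len > 0)
		memcpy(ecall_alias_buffer, p, alias_len);
	if (len)
		*len = alias_len;
	return ecall_alias_buffer;
}
```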